Website down after changing nameservers (DNS) to Cloudflare

Issue:

Followed the provided instructions to update the DNS to Cloudflare. Subsequently, received a confirmation message indicating that the site had been activated, but unfortunately, it is not functioning as expected – the site keeps redirecting and the website is not loading any page

solution/ fix:

Chances are, you have configured your SSL mode as ‘Flexible‘ in Cloudflare which can lead to a continuous loop and trigger the ‘too many redirects’ error. Switching your SSL mode to Full (Strict) should fix this issue as long as you are using either a valid public certificate or a Cloudflare Origin CA certificate on your site

Implement the simple configuration changes (steps) given in this link – change the SSL/TLS setting in Cloudflare from “Flexible” to “Full” (strict). After changing/ switching to Full (Strict) mode, try loading your website again, it should work.

Explanation in Detail

Resolving DNS nameservers Issues with Cloudflare’s SSL/TLS Settings and HTTPS Redirection

It seems like you’re describing a common issue that can occur when configuring SSL/TLS settings and handling HTTPS redirection in a web server or content delivery network (CDN) like Cloudflare. Let me explain this issue and provide a solution:

1. Flexible SSL Setting: In Cloudflare’s SSL/TLS settings, when you set it to “Flexible,” it means that the connection between the client (user’s browser) and Cloudflare is encrypted using HTTPS, but the connection between Cloudflare and your origin server is not encrypted and still uses HTTP.
2. Origin Server Redirects to HTTPS: If your origin server is configured to redirect HTTP requests to HTTPS, it will send a “301 Moved Permanently” or “302 Found” HTTP response to the client, instructing it to use HTTPS for the connection.

Here’s where the issue arises:

• When a user accesses your website, Cloudflare initially sends the request to your origin server over HTTP (because of the “Flexible” SSL setting).
• Your origin server responds with a redirect to HTTPS.
• The client follows the redirect and makes an HTTPS request to Cloudflare.
• Cloudflare receives the HTTPS request and forwards it to your origin server, but because the SSL setting is “Flexible,” it still uses HTTP to communicate with your origin server.
• Your origin server again responds with a redirect to HTTPS.
• This cycle repeats, resulting in a redirect loop.

To resolve this issue, you have a few options:

1. Change SSL/TLS Setting: As mentioned above, the best solution is to change the SSL/TLS setting in Cloudflare from “Flexible” to “Full” (strict). This ensures that both the client-to-Cloudflare and Cloudflare-to-origin server connections are encrypted with SSL/TLS. To do this, you’ll need to install an SSL certificate on your origin server.
2. Install an SSL Certificate on Your Origin Server: If you cannot or do not want to change the SSL/TLS setting in Cloudflare, you should install an SSL certificate on your origin server. This allows you to have an encrypted connection between Cloudflare and your server, even when the SSL setting in Cloudflare is “Flexible.”
3. Update Page Rules: If you have specific pages or URLs that you want to keep using “Flexible” SSL while others use “Full” (strict), you can create Page Rules in Cloudflare to set the SSL setting on a per-path basis.

It’s generally recommended to use “Full” (strict) SSL whenever possible for improved security.

Set up free SSL certificate from Cloudflare

SSL is not only to secure the website but also to improve your SEO ranking. Usually, the new domain does not have SSL (Secure Sockets Layer) certificate installed by default and the website will show a “Not Secure” icon & text right before the URL. That means all customer data submit or request to the website is not secure. Most companies offers paid SSL certificate for any domain. However, you might be interested in securing the website with free SSL. This article explains how to register & get a free SSL certificate from Cloudflare and integrate it with your Website. We will be using Godaddy Shared Webhosting to install & activate the SSL certificate(cert) with the private key.

Step 1: Sign-up with Cloudflare

First, you need to register with Cloudflare

Go to https://dash.cloudflare.com/sign-up

Give a valid email address and password and create an account in Cloudflare

You might receive a verification mail. Just click on the verification link to activate your Cloudflare account.

Step 2 – Add your website

Login into the Cloudflare account

On the top-right side, click on Add Site link.

Enter your domain name (sitename.com without https:// prefix) and click on the Add Site button.

It has 3 steps:

1 of 3: Select Free plan

Cloudflare is not only for SSL but also for CDN which will improve your page load time as well if used properly, it provides multiple paid plans but we will go with the Free service plan

Choose the Free plan and click on the Continue button

2 of 3: Review DNS records

Cloudflare will scan and fetch all DNS records from the web hosting server automatically, below screenshot shows records from the ‘Godaddy’ nameserver.

Simply click on the Continue button

3 of 3: Changing nameservers

See the screenshot below, you should complete the 4^th step. It will show the Cloudflare nameservers which you need to replace in your domain server(Godaddy)

Don’t click on the ‘Done, check nameservers‘ button until the 4^th step is completed – that is, updating nameservers in Godaddy.

Follow next step and replace Godaddy’s nameservers with Cloudflare’s nameservers

3 of 3(a): Update Godaddy nameservers with Cloudflare

Log in to your GoDaddy account

go to My Products >> your domain >> click on three dots and click on Manage DNS

Go to the Nameservers tab section and click on the Change Nameservers button.

It will show the Edit nameservers popup.
Select “I’II use my own nameservers“.
Copy the nameservers from Cloudflare and add them to Godaddy’s DNS (Nameserver 1 & Nameserver 2).
Click on Save button.

It will ask for your confirmation to update nameservers for the selected domain(s), just click on Continue.

The new custom DNS(nameservers) is updated.

3 of 3(b): Activate Cloudflare nameservers service

Now, Go back to the Cloudflare website and complete the 5th step (see the screenshot below)

1. Click on “Done, check nameservers” which will save your changes

2. Click “Finish Later“

3. Click on ‘Check nameservers‘ to detect new nameservers, manually.

You can see the message – “Registrars can take 24 hours to process nameserver updates. You will receive an email when your site is active on Cloudflare”.
But the whole process of updating the nameserver usually gets completed within an hour.

It will automatically keep checking and you will get an email notification from Cloudflare once the process is complete as well as a message on the Cloudflare site once it is successfully activated. (see the below screenshot)

Once the above process is completed, visit your site and check for a secure connection.

It should show a secure connection with the lock symbol

The process of Removing ‘Not secure’ and showing a secure connection for a website is completed.

Cloudflare applies Flexible SSL/TLS encryption mode by default, which means, Encrypts traffic between the browser and Cloudflare

To check this: goto Cloudflare >> select your site >> click on SSL/TLS >> Overview

Skip the further steps if you are ‘OKAY’ and satisfied just showing your website with the Flexible(basic) security but it is highly recommendable to implement end-to-end encryption. Follow a few more simple steps to make your site fully secure.

Step 3: Change Flexible to Full(strict) secure connection

Full security, end-to-end SSL/TLS encryption – Steps

Full(strict) secure connection – Encrypts end-to-end, a trusted CA or Cloudflare Origin CA certificate on the server

1) Generate SSL Certificate and Private Key in Cloudflare

Go to Cloudflare >> click on your website >> SSL/TLS >> Origin Server and click on Create Certificate button.

On the Origin Server page, just select max Certificate Validity (15 Years) from the dropdown. (don’t change anything else) and click on Create button

It will show Origin Certificate and Private Key, you need to install them into Godaddy’s SSL website (copy & paste)

2) Install an SSL Certificate in Godaddy

Go to your Godaddy’s cPanel hosting >> SSL/TLS >> Manage SSL sites.

Scroll down and go to ‘Install an SSL Website‘ section

Select your domain from the dropdown list.

You can see Certificate and Private Key fields – copy keys from Cloudflare and paste them into Godaddy’s corresponding fields, one by one.

a) copy Cloudflare’s Origin Certificate and past it into Godaddy’s Certificate (CRT) field
b) copy Cloudflare’s Private Key and past it into Godaddy’s Private Key (KEY) field

And click on Install Certificate

It will popup a success message – SSL Certificate Successfully Updated.

Click on the OK button

Godaddy configuration is done

Now, go back to Cloudflare and change SSL security from Flexible to Full (strict)

That’s it, Protecting your Website with full end-to-end Protection/security is Done.

Check your website prefix with https:// – it should show a secure lock symbol with full security.

Thanks

Reference: SSL and TLS