Home > Networking > Cloudflare Flexible SSL vs. Full SSL: Fixing WordPress 301 Redirect Loops

Cloudflare Flexible SSL vs. Full SSL: Fixing WordPress 301 Redirect Loops

By /

I recently added Cloudflare CDN to my WordPress site on Linode, updated GoDaddy nameservers to Cloudflare, and bam—every link hit a 301 redirect loop. The issue? Cloudflare’s default “Flexible” SSL clashed with my HTTPS-enforced WordPress. Here’s the real-world fix, with details on Flexible vs. Full SSL modes.

Why the 301 Loop Happens

Cloudflare’s SSL settings dictate how traffic flows between visitors, Cloudflare, and your server (Linode). Here’s the breakdown:

  • Flexible SSL: Encrypts traffic from visitors to Cloudflare (HTTPS), but uses HTTP to your origin server. If WordPress enforces HTTPS, it redirects back to HTTPS, and Cloudflare retries HTTP—loop city.
  • Full SSL: Encrypts end-to-end (visitor → Cloudflare → Linode), requiring an SSL cert on your server, even if it’s not publicly trusted.

My setup: Cloudflare defaulted to Flexible, but Linode’s WordPress kept redirecting to HTTPS, causing the endless 301s.

The Fix: Switch to Full SSL

To break the loop, align Cloudflare with WordPress’s HTTPS setup:

  1. Set Cloudflare to Full SSL:
    • Log into Cloudflare via mobile browser.
    • Go to SSL/TLS > Overview.
    • Change “Flexible” to “Full” (use “Full (strict)” only with a valid, trusted cert on Linode).
  2. Verify WordPress URLs:
    • In WordPress app: Settings > General.
    • Confirm Site URL and WordPress URL are https://yourdomain.com.
    • Save.
  3. Purge Cloudflare Cache:
    • In Cloudflare: Caching > Purge Cache > Purge Everything.
    • Clear your mobile browser cache.

Full SSL Explained: Enables encryption end-to-end. Works if your origin (Linode) has an SSL cert, even a self-signed one—perfect for my case.

Flexible SSL Explained: Encrypts visitor-to-Cloudflare only, using HTTP to your server. Avoids browser warnings but fails if your backend demands HTTPS.

No SSL Cert on Linode?

If Linode lacks a cert:

  • Quick Fix: Switch WordPress URLs to http:// and keep Flexible (less secure).
  • Better Fix: Install a free Let’s Encrypt cert on Linode via SSH (certbot --nginx), then use Full SSL.

Test It

Load yourdomain.com in a new tab. No loop? Fixed! Took me 15 minutes once I ditched Flexible for Full.

Lesson: Flexible SSL sounds easy, but it’s a trap with HTTPS backends. Full SSL is your friend for WordPress on Linode.

Keywords: Cloudflare Flexible SSL redirect, WordPress 301 loop, Cloudflare Full SSL fix

Related posts:

  1. FortiADC TLS Mismatch with Backend Servers: A Real-World Troubleshooting Case
  2. Investigating PAN-273949: A Potential Resolution for SSL Decryption Deny Log Anomalies
  3. How to Troubleshoot IPsec VPN Issues: Step-by-Step Guide for Palo Alto 820
  4. Nmap for Network Scanning, for beginniner

Powered by YARPP.

Leave a Comment