Trying to use Caddy behind Cloudflare (with caddy plugin), Caddy itself starts fine and listens on ports 443 and 80, but trying to load fails on all browsers with error ERR_TOO_MANY_REDIRECTS.

My /etc/caddy/Caddyfile:
root /var/www/
tls {
    dns cloudflare

My /etc/systemd/system/caddy.service.d/override.conf:


When attempting to load the website with lynx (in case this is useful):

$ lynx

(— was prompted to accept cookie, selected Always)

Looking up
Making HTTPS connection to
Verified connection to (
Certificate issued by: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
Secure 128-bit TLS1.2 (ECDHE_ECDSA_AES_128_GCM_SHA256) HTTP connection
Sending HTTP request.
HTTP request sent; waiting for response.
HTTP/1.1 301 Moved Permanently
'A'lways allowing from domain ''.
Data transfer complete
HTTP/1.1 301 Moved Permanently

lynx: Start file could not be found or is not text/html or text/plain

As far as I’m aware I’m not trying to do anything spectacularly complex. I tried setting CLOUDFLARE_API_KEY to the key listed on cloudflare as ‘Origin CA Key’ but this prevented Caddy from running at all.

I also tried making a single label for and nesting the rootdir and tls directives within in, but it made no difference.

Am at a bit of a loss.

Try using log stdout or log syslog in your caddyfile to see which requests actually hit Caddy, and aren’t just being redirected by Cloudflare for some reason.

I think this is usually because your Cloudflare SSL config isn’t set to “Full (strict)” – if I recall, that is the correct setting.


Thanks, that fixed it!
Perhaps this needs to be explicitly stated somewhere so fellow noobs are not caught out as I was.

I’ve written about it a few times:

It might do to put it in an FAQ somewhere; although it’s not Caddy’s fault, it happens frequently enough to mention.

1 Like

Yeah, this doesn’t belong in the Caddy documentation, because it is a Cloudflare issue. It’s just one of the risks of adding this layer of complexity to your setup. Fortunately it’s an easy fix.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.