The plain HTTP request was sent to HTTPS port

I’ve had this problem for a long time now. I’m currently on the latest release, 1.7.13. I use nginx as my webserver, and php 7.4.22.

When I log in to the admin interface:

https://www.{website}.com/admin

After entering the username and password, I get redirected to an “http” url at port 443, with the resulting error.

http://www.{website}.com:443/admin

400 Bad Request
The plain HTTP request was sent to HTTPS port

If I click back, in Chrome at least, the browser corrects it and I’m logged in. Last I checked, firefox wouldn’t correct it, though.

Everything else in the admin interface and the website seems fine. It’s just this during the login that’s broken. Nginx redirects http traffic to https, but expects to receive http traffic on port 80.

If I try to set “Force SSL” in the grav settings (with or without the “custom base url” set), I get a redirect error and can no longer access the admin interface. I have to change the config/system.yaml file back manually to access it again.

This page isn’t working
www.{website}.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

Any idea how I can fix this? Thanks.

How did you solve that problem?

I never did solve the problem. It’s still happening, though with the latest version of Grav, v1.7.30, the behavior is slightly different.

Now, when I click back after the 400 bad request error, it goes back to the login page and I have to click login again. Once I’m logged in, there’s this message at the top:

You have been successfully logged in
Invalid Security Token

It is really strange. We have a Grav site running on Virtualmin with Cloudflare - PHP 8.0+ and we just cloned an existing site into a new user and this error popped up when calling the site. when we clone the page under the same user it is working and you can log in. We checked all Cloudflare settings but they are identical and the same we did with all virtualmin (webmin) settings and they are identical too but still, we can’t run a cloned site under a new user. We are pretty clueless why, to be honest. We can’t find any place inside Grav where a specific user who runs the server gets defined nor where the domain itself gets defined. system yaml are identical too.