Getting the 301 redirect error even with the proper config setup in Cloudflare Rules

Question

I am trying to use Cloudflare as my DNS for a site hosted on Vercel. My DNS configs are set to use the Proxied settings turned on. Vercel says against it though. But they have a way of allowing the Proxied DNS config in their doc. I did the same and created a page rule with the settings as seen below.

Now, the expected error should be 404 Not Found but I am getting the 301 Permanent Redirect error.

HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Sep 2021 08:38:30 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Sep 2021 09:38:30 GMT
Location: https://dispatchbot.ml/.well-known/acme-challenge
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wImD0Hy4nEZEgaw3eCBVGSVyscQ8zEezbEjTjSJPIOSL%2BnsDFGnrbsyJkgP3LqweeZ0uC85E6kK%2FO4nPFA23%2BZaF5jgCZJOnawGwIotLAZ7nySmGHfHopr1qrut%2FaFDePg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 689e244b8fb00efc-BOM
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Note: I am using the Always use HTTPS settings with SSL/TLS Encryption settings set to Full (Strict).

Answer 1

The problem might be related to your configuration. According to the Vercel documentation page you listed

The domain must allow HTTP requests (without HTTPS) to the path /.well-known/*.

However you said you have enabled Always use HTTPS, which will redirect HTTP request to HTTPS (and therefore will also force HTTPS on the /.well-known/ path. It seems you also enabled HSTS which will enforce HTTPS in the browser.

A potential solution could be to remove HSTS (but this might take time to be reflected in the browsers according to the policy used) and configure Always Use HTTPS via Page Rules instead to exclude it from the /.well-known/ path.