I'm writing this up because, as with a couple of problem-solving posts in the past, I think this could be helpful for other people who have spent hours googling without any results.
I have been setting up a site on a single Amazon EC2 instance. The site can be accessed with SSL or without.
I generated the certificate request, going through GeoTrust, and installed it with only a little difficulty.
Everything was going well until I tried to visit any of the HTTPS pages. If they didn't require HTTPS, then the request was redirected back to the HTTP version with a 301 permanent redirection. If HTTPS was required, then a redirection loop was encountered, as my code kept redirecting back to HTTPS, with something redirecting back to HTTP.
Lots of articles exist where people can't reach the site over SSL, but that wasn't my problem. Lots of articles exist where the problem is that Amazon's Enterprise Load Balancer (ELB) was in use, which obviously intercepts HTTPS requests, then passes on the result as HTTP, which would cause a redirection if requesting a page that requires HTTPS, but should not cause a loop where HTTPS is optional.
Instead, the problem was much simpler. The binding I had set up in IIS for HTTPS was using the EC2 instance's public, elastic IP address, rather than the server's private IP address. This was resulting in a redirection to the non-secure version on requests for the secure version, because as far as the server knows, the elastic IP address is a different machine.
Anyway, so changing the binding to use the private IP address worked perfectly.
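A check for this misconfiguration, as an added example rather than anything from the original setup: it parses IIS `bindingInformation` strings (`IP:port:hostheader`) and flags any binding pinned to an address that is not on a local network interface, which is what an Elastic IP looks like from inside the instance because AWS maps it to the private address by NAT. The function name `Test-BindingAddress` and the sample addresses are constructed for illustration.

```powershell
# Added example: flag IIS bindings whose IP is not assigned to a local NIC.
function Test-BindingAddress {
    param(
        [Parameter(Mandatory)] [string[]] $BindingInformation,  # "IP:port:host" strings
        [Parameter(Mandatory)] [string[]] $LocalAddress          # addresses on local NICs
    )
    foreach ($info in $BindingInformation) {
        # Split from the right so IPv6 literals such as "[::1]:443:" parse correctly.
        $last = $info.LastIndexOf(':')
        if ($last -lt 1) { continue }
        $prev = $info.LastIndexOf(':', $last - 1)
        if ($prev -lt 0) { continue }

        $ip   = $info.Substring(0, $prev) -replace '^\[|\]$', ''
        $port = $info.Substring($prev + 1, $last - $prev - 1)
        $name = $info.Substring($last + 1)

        if ($ip -eq '*' -or $ip -eq '') {
            $status = 'Wildcard'      # "All Unassigned": matches any local address
        } elseif ($LocalAddress -contains $ip) {
            $status = 'Local'         # bound to an address this server actually owns
        } else {
            $status = 'NotLocal'      # e.g. the instance's public / Elastic IP
        }

        [pscustomobject]@{
            IPAddress  = $ip
            Port       = $port
            HostHeader = $name
            Status     = $status
        }
    }
}

# Constructed sample data (documentation address ranges, not real hosts).
$sampleBindings = @('*:80:', '203.0.113.25:443:', '10.0.0.12:443:www.example.test')
$sampleLocal    = @('10.0.0.12', '127.0.0.1')

Test-BindingAddress -BindingInformation $sampleBindings -LocalAddress $sampleLocal |
    Format-Table -AutoSize

# On a real IIS server, feed it live data instead:
#   Import-Module WebAdministration
#   $bindings = (Get-WebBinding -Protocol https).bindingInformation
#   $local    = (Get-NetIPAddress).IPAddress
#   Test-BindingAddress -BindingInformation $bindings -LocalAddress $local
```

Any row with status `NotLocal` on the HTTPS port is a binding that will never match an incoming request, since traffic arrives addressed to the private IP.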
I can't be bothered trying to word this as a question and answer using the right keywords and then deciding on whether it is more appropriate to go on Stackoverflow.com or Serverfault.com, hence me brain-dumping this here.
Hopefully, this SEO-keyword-laden blog post will allow others who get bitten by this esoteric issue to find an answer much faster.