520 525 errors with CL ssl



We are using the CL ssl certificate and our site was working perfectly fine for two months until yesterday when mysteriously 525 errors started happening. The weird thing is it always seems to happen on the first load, and subsequent loads are fine.

I’ve tried many of the suggestions I’m finding on the web such as switching between flexible, full, or full-strict.

If I set it to flexible it turns the errors into 520. Full and strict return 525.

I’ve set up a page rule for always use HTTPS (set up as http://mysite.com/ )

I’ve tried Automatic HTTPS Rewrites; that doesn’t seem to matter.

I know this is a tough one to solve, I’ve literally tried every combination in the cf panel and it continues to pop up on the first load (after being away for 5 mins). I’m almost certain that subsequent loads could be different browsers and they still seem to work. So the problem is when I have been away from my computer for more than 5 minutes, the first load will return the error and subsequent loads on different browsers load fine. So it’s probably a DNS thing? It’s not a matter of waiting for DNS propagation, this problem has been around 24 hrs or more (DNS propagation usually takes 2 hours at the most nowadays). I’ve set the DNS to Cloudflare nameservers in my domain configuration.

I’m using only 2 “orange” clouds, A rec mysite.com and CNAME www

Thank you for your help!


Hi there,

That’s an interesting pattern. An Error 520: Web server is returning an unknown error and an Error 525: SSL handshake failed share a common cause - which is the origin returning a TCP reset prematurely.

It sounds to me like your origin server is resetting the TCP connection when Cloudflare attempts to request content from your origin. You might want to check the health of the origin web server in general and check the web server access / error logs when this is happening. You could also use cURL to attempt to connect without Cloudflare and see if you can replicate the problem:
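Added example, not part of the original reply and not Cloudflare's own tooling: one way to run the direct-to-origin check described above from Python, performing the TLS handshake against the origin IP with the site's hostname as SNI and classifying how it ends. The function name `probe_origin`, its result labels and the command-line arguments are assumptions made for this sketch.

```python
import socket
import ssl
import sys


def probe_origin(ip, port, hostname, verify=True, timeout=5.0):
    """Handshake with the origin IP directly (no proxy in the path) and classify the result."""
    ctx = ssl.create_default_context()
    if not verify:
        # Diagnostic only: lets the probe get past a self-signed origin certificate.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return f"tcp-connect-failed: {type(exc).__name__}"
    try:
        # server_hostname sets SNI so the origin selects the vhost for this site.
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return f"ok: {tls.version()}"
    except (ConnectionResetError, BrokenPipeError, ssl.SSLEOFError):
        # The origin reset or closed the TCP connection before the handshake finished.
        return "dropped-during-handshake"
    except ssl.SSLCertVerificationError as exc:
        return f"cert-rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        return f"tls-error: {exc.reason}"
    except OSError as exc:  # includes timeouts
        return f"io-error: {type(exc).__name__}"
    finally:
        raw.close()


if __name__ == "__main__":
    # Usage: python probe.py <origin-ip> <site-hostname>
    origin_ip, site = sys.argv[1], sys.argv[2]
    print(probe_origin(origin_ip, 443, site, verify=False))
```

Running it once after the site has been idle and again straight afterwards shows whether the first-request failure reproduces without the proxy in the path; the timestamp of a `dropped-during-handshake` result is what to look for in the origin's error log.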


Hello everyone!
I’m using flexible SSL from Cloudflare on my website - working good!
But I have a problem with websockets over ssl - wss://mydomain.com:8443/ because I’m getting an error, 525 Origin SSL Handshake Error
Is it possible to use websockets over ssl using Flexible SSL from Cloudflare? My domain has the orange cloud enabled in the control panel. Do I need to configure anything to make wss from Cloudflare work on my backend?

Thank you!

Never mind - FIXED!!

Solution - in page rules disable for specified address:port SSL :slight_smile: