520 Error - Only happening when traffic is ran through CF

What is the name of the domain?

What is the error number?

520

What is the error message?

Web server is returning an unknown error

What is the issue you’re encountering

520 Errors constantly when trying to access/navigate wp backend and frontend

What steps have you taken to resolve the issue?

Removed large media. I paused CF however I am self signed with it running through CF so that caused a different type of issue. The errors did not occur when I had paused CF for 30 minutes.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

Access website and navigate around.

Screenshot of the error

Using Incognito mode, I see the 520 sometimes from http://etching-wood.co.uk, https and www seem ok. Can you show a screenshot of your DNS records and any redirect rules you may have on Cloudflare?

Also intermittent here…
https://cf.sjr.org.uk/tools/check?9a79140bad7148aeaff66fbf95578ba7#connection-worker-http

Hey SJR,

Thanks, strangely I don’t experience in incog

screenshot of DNS records attached;

That looks ok (I was checking if you had multiple IP addresses for the domain).

You do need to set the mail DNS record to “DNS only” instead of “Proxied”.

One problem you have is a self-signed SSL certificate on your origin so your Cloudflare SSL/TLS mode is “Flexible”. Connections are not secured between Cloudflare and your origin so you need to get a trusted SSL certificate on your server (from LetsEncrypt or similar) or use a Cloudflare origin certificate. Your site is not secured at the moment.

You can pause Cloudflare while you set that up, and meantime see if intermittent errors occur when connecting directly to your origin.

I was looking into that, but it was working fine for 2 years up until around a month ago when these issues starting happening. I use a calendar app for bookings which may be causing enlarged headers or other large payload issues to cause the 520 error.

I will grab a non self signed for the time being.

The issue with pausing CF would be that the ‘insecure webpage popup’ through Google Chrome etc may surprise/scare users. I assume there is nothing to be done about that?

Thanks for your help

The issue seems to be with your origin server, intermittently (I estimate around 5% of the time, maybe less) I get an error. This is querying your origin server directly. Cloudflare would throw a 520 in response to this.

* OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
* Failed receiving HTTP2 data
* OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0
* Failed sending HTTP2 data
* Connection #0 to host www.etching-wood.co.uk left intact

I suggest pause Cloudflare, get a proper certificate in place, check for intermittent issues without Cloudflare. Then when it’s all fixed, re-enabled Cloudflare.

Thanks, I am experiencing it far more than 5% same with the other admin of the site. However I have since bought an SSL cert. I was lazy and bought a goDaddy SSL cert. AND paused CF. I have tried moving the CF SSL/TLS encryption mode from flexible to full(strict) and it caused issues again. I’ll try when the cert has been propagated some more, otherwise I’ll need to troubleshoot that further.

I’ll report back in a day or two of testing to see if this solves the issue.

Hey SJR,

I am trying to use the check my origin server part of your website and it’s not available. Do you know how I could test this/run any scripts to check the connection to my origin server? It’s on a GoDaddy regular hosting so I’m sure it’s not great but im not expecting more than 1-5 concurrent users.

I am experiencing some server can’t be reached; image attached.

This is with CF paused so it looks like this is a origin server issue?

Thanks

Yes, we’re still working out the best way to implement it so it’s private and not abusable. Should come soon.

Yes. Best to keep Cloudflare paused until the origin works properly on its own as debugging being the Cloudflare proxy isn’t easy.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.