521 error or special page instead of Next.js frontend
What steps have you taken to resolve the issue?
We have our own servers with websites and web applications, but our servers do not have SSL certificates. We also have the main domain connected to Cloudflare, and this domain has many subdomains. One of our servers has a subdomain like w1.ourdomain.com, and we point the main domain ourdomain.com from Cloudflare to this server. Everything works fine, meaning when a visitor accesses https://ourdomain.com, they are redirected to our server at http://w1.ourdomain.com. On that server, there is a website based on the Drupal CMS. Recently, we launched another server, which we’ll call the subdomain w2.ourdomain.com, and on it, we launched a Next.js application. When we access this server via its direct IP address, for example, http://123.123.123.123, or via the address http://w2.ourdomain.com (i.e., without https), the application opens normally. However, to enable https, we pointed the subdomain w3.ourdomain.com from Cloudflare to this server. But when we try to access https://w3.ourdomain.com, we somehow get our custom 500 error page. If we disable the custom error page, then trying to access https://w3.ourdomain.com shows a Cloudflare error page with error 521. However, again, if we access the server via its direct IP address or via http://w2.ourdomain.com, everything is fine, and we get a 200 status. How can we resolve this issue so that when accessing https://w3.ourdomain.com, we get our Next.js application?
It’s obvious. What is stopping us is the fact that installing and setting up a certificate on our own server is a complex process, while Cloudflare provides an immediately ready certificate along with protection against attacks.
No, it’s not obvious at all to me. Installing and configuring a certificate in 2025 should be a relatively trivial task for someone managing multiple servers (assuming those servers are being managed anyways).
Cloudflare’s Universal SSL certificates are NOT a replacement for having certificates on your origin servers. These are edge certificates that only cater for the connection from your visitors’ browsers to Cloudflare, but not from Cloudflare to your origin servers.
If you care about security, you should provision SSL certificates on your servers to ensure end-to-end encryption. And if you don’t care about security, you may as well disable Universal SSL completely.
Now, back to your issue.
What’s your Cloudflare SSL/TLS Encryption mode setting?
Note that “Full” requires a certificate at the origin (even a self-signed one will do), while “Full (Strict)” requires a valid CA-issued certificate at your origin server.
I don’t deny that our server admin should be able to install a certificate on the server, and I don’t deny that a certificate on our server alongside the Cloudflare certificate is like a second lock on the door. But I cannot agree that if for some reason we are not yet installing such a second lock, then there is no point in putting even the first one.
Again, on the server where our main website is hosted, there is no certificate, Cloudflare’s Full mode is enabled, and the HTTPS connection from Cloudflare works fine. But it’s Apache on the server. The problem I described concerns another server where Node.js + Next.js is deployed. That’s why I’m wondering if the described problem is somehow related to what server software is installed on the server machine. Because again, when accessing the direct IP address or an unsecured connection, i.e., without Cloudflare, we get a 200 status from Node.js + Next.js, and only when trying to access via HTTPS from Cloudflare we get a 521 status.
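One way to check what the “Full” and “Full (Strict)” requirements mentioned above mean for a given origin, as an added example (not code from this thread or from Cloudflare). It assumes Cloudflare connects to the origin over HTTPS on port 443 in those modes and that "valid" means the certificate verifies against the local trust store; the function name and result labels are illustrative.

```python
import socket
import ssl


def classify_origin(host, port=443, timeout=5.0):
    """Probe host:port the way an HTTPS-speaking proxy would and report
    what kind of TLS endpoint, if any, is there (labels are illustrative)."""
    # Step 1: plain TCP connect. A refusal here means nothing listens on
    # the port at all, which the edge reports as a 521.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return "no_listener"
    except OSError:  # timeouts, unreachable network, DNS failure
        return "unreachable"

    # Step 2: handshake with chain and hostname verification. Success means
    # the certificate would satisfy a mode that demands a CA-issued cert.
    strict = ssl.create_default_context()
    if _handshake(host, port, strict, timeout):
        return "full_strict"

    # Step 3: handshake with verification off. Success means a certificate
    # exists (for example self-signed), enough for a non-validating mode.
    loose = ssl.create_default_context()
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    if _handshake(host, port, loose, timeout):
        return "full"

    # Something accepts TCP but does not speak TLS (e.g. a plain HTTP server).
    return "no_tls"


def _handshake(host, port, ctx, timeout):
    """Return True if a TLS handshake completes under the given context."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return False


if __name__ == "__main__":
    # Constructed placeholder target; replace with the origin's own address.
    print(classify_origin("127.0.0.1", 443, timeout=2.0))
```

Run it from a machine that can reach the origin directly (not through the proxy), once per origin server, and compare the result with the encryption mode configured for that hostname.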