I’m having a weird problem with one of my sites where Cloudflare is showing a 421 error even though the web server is responding just fine. I have double checked with the docs and ran the following command from my local machine and I see the response that I am expecting. However, when visiting the website directly I get the 521 error.
The firewall is set to whitelist all traffic from Cloudflare’s network already.
I am not sure where to go from here. Any help is appreciated.
meisams-mbp-2:~ meisam$ curl --silent --verbose https://www.trekpc.ca --resolve www.trekpc.ca:443:*.*.*.* * Added www.trekpc.ca:443:*.*.*.* to DNS cache * Rebuilt URL to: https://www.trekpc.ca/ * Hostname www.trekpc.ca was found in DNS cache * Trying *.*.*.*... * TCP_NODELAY set * Connected to www.trekpc.ca (*.*.*.*) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=trekpc.ca * start date: Nov 2 06:52:11 2018 GMT * expire date: Jan 31 06:52:11 2019 GMT * subjectAltName: host "www.trekpc.ca" matched cert's "www.trekpc.ca" * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify ok. > GET / HTTP/1.1 > Host: www.trekpc.ca > User-Agent: curl/7.54.0 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx/1.10.3 (Ubuntu) < Date: Fri, 02 Nov 2018 07:59:34 GMT < Content-Type: text/html; charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < Link: <https://www.trekpc.ca/wp-json/>; rel="https://api.w.org/" < Link: <https://www.trekpc.ca/>; rel=shortlink < <!doctype html><html lang=".. (what I expect to see)