522 error on new VPS


I have moved a site to a new VPS.

Yesterday I received the email:

Your certificate (or certificates) for the names listed below will expire in 19 days (on 2024-05-20). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.


It seems that there is some issue in the CF configuration.

When I try to renew the certificate with Let’s Encrypt I get a 522 error.

The same 522 happens when I make:

curl -i http://anahatatantra.com

HTTP/1.1 522 
Date: Wed, 01 May 2024 13:49:58 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQPbi9LOouiypbHCt%2Ffu%2B6NkpTEIUvtAlbUmTWos64Mv7vs8k4WdG4e4VWwd%2BeyjRUQllfAjfhbcPcVLbPWJVcZVlSZqn%2FFPZfSc4T71PCE1g0w1fFNahcyiUEVHOVwpwH7Vsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 87d03bf37860bfee-WAW
alt-svc: h3=":443"; ma=86400

error code: 522%

I have checked the page: Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs and all seems to be ok…

I raised a topic also on the Let’s Encrypt forum, and it looks like it is related to Cloudflare.

Also, a strange thing is that if I enter the site anahatatantra.com I see that the cert is issued by Google?
Is it something that CF is doing? Does it replace the cert with a Google cert?

|Common Name (CN)|GTS CA 1P5|
|Organisation (O)|Google Trust Services LLC|

Can anyone please help?

This means the certificate you set up on your origin server needs renewing. You need to do that yourself.

The certificate isn’t replaced, that certificate is the one on the Cloudflare edge. Both that and your origin certificate are needed for the most secure configuration, see…

The 522 error means Cloudflare can’t connect to your server. Make sure you have set the new VPS’s IP address in your Cloudflare DNS, and that your VPS isn’t blocking Cloudflare’s IP addresses from connecting.


Error code 521

It’s now working. It turned out it was UFW that was blocking the connections for some reason…
But why only Cloudflare connections to http and not browser connection to files in the .well-known folder via http protocol?
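The reply above says a 522 means Cloudflare cannot reach the origin, and the follow-up found UFW blocking it. As an added example (not code from this thread), the script below parses a constructed `ufw status` listing, reports which Cloudflare IPv4 ranges cannot reach ports 80 and 443, and builds the `ufw allow` commands that would open them; the three ranges in it are made-up placeholders, and the format of the `ufw status` text is assumed.

```python
import ipaddress
import re

# Constructed sample of `ufw status` output on the origin VPS (assumed format; rules are made up).
UFW_STATUS = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       203.0.113.0/24
443/tcp                    ALLOW       198.51.100.0/24
"""

# Placeholder stand-ins for Cloudflare's IPv4 ranges; the real, changing list is at https://www.cloudflare.com/ips-v4
CLOUDFLARE_RANGES = ["203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24"]

RULE_RE = re.compile(r"^(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)(?: IN| OUT)?\s+(\S+)")

def parse_ufw_status(text):
    """Return (port, proto, action, source_network) tuples from ufw status output (IPv4 rules only)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # headers, separators and '(v6)' rules are skipped
        target, action, src = m.groups()
        port, _, proto = target.partition("/")
        port = "any" if port == "Anywhere" else port  # port-less 'allow from' rule
        net = ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src, strict=False)
        rules.append((port, proto or "any", action, net))
    return rules

def blocked_ranges(rules, cf_ranges, ports=("80", "443")):
    """Map each port to the Cloudflare ranges that no ALLOW rule fully covers."""
    missing = {}
    for port in ports:
        for cidr in cf_ranges:
            net = ipaddress.ip_network(cidr)
            covered = any(action == "ALLOW" and r_proto in ("tcp", "any")
                          and r_port in (port, "any") and net.subnet_of(r_net)
                          for r_port, r_proto, action, r_net in rules)
            if not covered:
                missing.setdefault(port, []).append(cidr)
    return missing

def ufw_fix_commands(missing):
    """ufw commands that let the Cloudflare edge reach the origin on the blocked ports."""
    return [f"ufw allow from {cidr} to any port {port} proto tcp"
            for port, cidrs in missing.items() for cidr in cidrs]
```

Because the domain is proxied through Cloudflare, browser requests for files under /.well-known/ also arrive at the origin from Cloudflare's ranges, so the same rules cover the Let's Encrypt HTTP-01 check.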

