522 error with nginx on aws lightsail when using Cloudflare origin CA

I recently created a Lightsail instance with a LEMP stack, so nginx, and it works fine over HTTP, but I get a 522 error when trying to set up end-to-end encryption with a Cloudflare origin CA certificate.

This is my server block (which is a copy of a configuration which works on another vps…):

server {
    server_name subdomain.domain.com;
    root /var/www/subdomain.domain/public_html;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri.html $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/ssl/domain/cert.pem;
    ssl_certificate_key /etc/ssl/domain/key.pem;
    # Authenticated origin pulls: only accept client certificates signed by Cloudflare's CA
    ssl_client_certificate /etc/ssl/cloudflare.crt;
    ssl_verify_client on;
}

server {
    listen 80;
    listen [::]:80;

    server_name subdomain.domain.com;
    return 301 https://$host$request_uri;
}

All the key and certificate files exist in those directories, and the certificate should cover the domain and subdomain. So does anyone know where the issue may be?
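A small diagnostic for this kind of report, added here as an example (not code from the post or from Cloudflare): `lint_block` runs cheap structural checks over a server block, and `probe_origin` connects to the origin from outside Cloudflare to separate the TCP stage from the TLS stage, since a 522 means Cloudflare's edge could not complete a TCP connection to the origin at all. `POSTED_BLOCK` is a constructed abridged copy of the pasted config, and the function names are my own.

```python
import socket
import ssl

# Constructed, abridged copy of the server block as pasted above (closing braces missing).
POSTED_BLOCK = """
server {
server_name subdomain.domain.com;
location / {
    try_files $uri $uri.html $uri/ =404;
location ~ \\.php$ {
    include snippets/fastcgi-php.conf;
listen 443 ssl;
ssl_certificate /etc/ssl/domain/cert.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
"""

REQUIRED = ("listen 443 ssl", "ssl_certificate ", "ssl_certificate_key ")


def lint_block(text: str) -> list:
    """Brace balance plus the directives an HTTPS origin needs; returns a list of problems."""
    problems = []
    opened, closed = text.count("{"), text.count("}")
    if opened != closed:
        problems.append(f"unbalanced braces: {opened} '{{' vs {closed} '}}' (nginx -t would reject this)")
    for directive in REQUIRED:
        if directive not in text:
            problems.append(f"missing directive: {directive.strip()}")
    if "ssl_verify_client on" in text and "ssl_client_certificate" not in text:
        problems.append("ssl_verify_client on without ssl_client_certificate")
    return problems


def probe_origin(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Stage 'tcp' failures are what produce a 522; stage 'tls' failures map to 525/526-class errors."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, or no route: Cloudflare would report 522
        return {"stage": "tcp", "ok": False, "detail": str(exc)}
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # origin CA certs are not publicly trusted; only the handshake matters here
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"stage": "tls", "ok": True, "detail": tls.version()}
    except ssl.SSLError as exc:
        return {"stage": "tls", "ok": False, "detail": str(exc)}
```

Run `probe_origin` against the instance's public IP from a machine outside Cloudflare: a `tcp` failure points at the Lightsail firewall or the `listen` lines rather than at the certificate files, while a `tls` failure is where the origin certificate and `ssl_verify_client` settings come into play.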
