522 on insecure setup

I am also confronted with Error 522 messages. Increasingly. I do not use Let’s Encrypt but flexible SSL provided by Cloudflare.

From my server side it looks ok. No load. Empty logs. When I do a traceroute on the server IP it connects immediately. Not so when tracerouting the full domain name. Traceroute doesn’t go beyond the Cloudflare network. Traceroute also warns that my domain name has multiple addresses. This may be due to how the Cloudflare DNS proxy is structured. When I switch my Cloudflare DNS to ‘DNS only’ I can reach the site, without SSL, which of course defeats my purpose of using Cloudflare in the first place!! From this I am pretty convinced the 522 issue is with Cloudflare, not with my ISP, hosting company, or server setup. I have been using the same setup for years now, and only recently the 522 error reared its ugly head.

When bypassing the DNS proxy I can access my site(s) without problem. The 522 error problem re-occurs when switching back to ‘proxied’.

Are you the same person who made this post?

No. I am tagging into it as my use case looks very similar to the problem reported.

Kindly, see here why there are issues while having a Flexible SSL:

Kindly, make sure to have a proper SSL certificate at your host/origin server and turn on Full or even better Full (Strict) mode. @sandro could provide a good explanation why so.

Either use Cloudflare CA Origin certificate:

If the records are orange cloud, then yes, possibly up to three IP addresses would return.

I am afraid it is not so.


If you use ‘flexible’ SSL then change it to Full (strict). That’s what made my day.
