522 with one domain name but not another

I’ve had a single domain name running on Cloudflare for a while, and last night I bought a second domain name and attempted to point it at the same server, where Nginx would serve as the reverse proxy and point things where they need to go. I’ve updated the DNS servers in my Google Domains account and waited around 19 hours or so, but I continue to get 522 timeout errors when I attempt to go to my new domain name.

Dig on my old domain:

; <<>> DiG 9.10.6 <<>> chrisrees.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32659
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;chrisrees.dev.			IN	A

;; ANSWER SECTION:
chrisrees.dev.		300	IN	A	172.67.154.238
chrisrees.dev.		300	IN	A	104.28.25.231
chrisrees.dev.		300	IN	A	104.28.24.231

Dig on my new domain:

; <<>> DiG 9.10.6 <<>> alone-in-a-room.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4999
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;alone-in-a-room.com.		IN	A

;; ANSWER SECTION:
alone-in-a-room.com.	300	IN	A	104.24.122.66
alone-in-a-room.com.	300	IN	A	172.67.208.247
alone-in-a-room.com.	300	IN	A	104.24.123.66

Dig with NS on my old domain:

; <<>> DiG 9.10.6 <<>> NS chrisrees.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40884
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;chrisrees.dev.			IN	NS

;; ANSWER SECTION:
chrisrees.dev.		9002	IN	NS	dan.ns.cloudflare.com.
chrisrees.dev.		9002	IN	NS	nina.ns.cloudflare.com.

;; ADDITIONAL SECTION:
dan.ns.cloudflare.com.	848	IN	A	108.162.193.108
dan.ns.cloudflare.com.	848	IN	A	172.64.33.108
dan.ns.cloudflare.com.	848	IN	A	173.245.59.108
dan.ns.cloudflare.com.	848	IN	AAAA	2606:4700:58::adf5:3b6c
dan.ns.cloudflare.com.	848	IN	AAAA	2803:f800:50::6ca2:c16c
dan.ns.cloudflare.com.	848	IN	AAAA	2a06:98c1:50::ac40:216c
nina.ns.cloudflare.com.	565	IN	A	172.64.32.136
nina.ns.cloudflare.com.	565	IN	A	173.245.58.136
nina.ns.cloudflare.com.	565	IN	A	108.162.192.136
nina.ns.cloudflare.com.	172	IN	AAAA	2a06:98c1:50::ac40:2088
nina.ns.cloudflare.com.	172	IN	AAAA	2606:4700:50::adf5:3a88
nina.ns.cloudflare.com.	172	IN	AAAA	2803:f800:50::6ca2:c088

Dig with NS on my new domain:

; <<>> DiG 9.10.6 <<>> NS alone-in-a-room.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1172
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;alone-in-a-room.com.		IN	NS

;; ANSWER SECTION:
alone-in-a-room.com.	19973	IN	NS	nina.ns.cloudflare.com.
alone-in-a-room.com.	19973	IN	NS	dan.ns.cloudflare.com.

;; ADDITIONAL SECTION:
nina.ns.cloudflare.com.	544	IN	A	173.245.58.136
nina.ns.cloudflare.com.	544	IN	A	108.162.192.136
nina.ns.cloudflare.com.	544	IN	A	172.64.32.136
nina.ns.cloudflare.com.	151	IN	AAAA	2606:4700:50::adf5:3a88
nina.ns.cloudflare.com.	151	IN	AAAA	2803:f800:50::6ca2:c088
nina.ns.cloudflare.com.	151	IN	AAAA	2a06:98c1:50::ac40:2088
dan.ns.cloudflare.com.	827	IN	A	172.64.33.108
dan.ns.cloudflare.com.	827	IN	A	173.245.59.108
dan.ns.cloudflare.com.	827	IN	A	108.162.193.108
dan.ns.cloudflare.com.	827	IN	AAAA	2803:f800:50::6ca2:c16c
dan.ns.cloudflare.com.	827	IN	AAAA	2a06:98c1:50::ac40:216c
dan.ns.cloudflare.com.	827	IN	AAAA	2606:4700:58::adf5:3b6c

Nginx config for the old domain:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

server {
	# SSL configuration
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;

	include snippets/ssl-params.conf;
	include snippets/ssl-chrisrees.dev.conf;

	root /var/www;

	# Add index.php to the list if you are using PHP
	# index index.html index.htm index.nginx-debian.html;

	server_name chrisrees.dev www.chrisrees.dev;

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}
}

Nginx config for the new domain:

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	include snippets/ssl-params.conf;
	include snippets/ssl-alone-in-a-room.com.conf;

	root /var/www/alone-in-a-room/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;


	server_name alone-in-a-room.com www.alone-in-a-room.com;

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location / {
		try_files $uri $uri/ =404;
		# proxy_pass http://localhost:9099;
		# proxy_set_header Host $host;
		# proxy_set_header X-Real-IP $remote_addr;
		# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}

Nginx doesn’t seem to be reporting any errors, so I’m a bit stumped on where else to look. Both domains also have the same IP address configured in an A record, and both of them are managed by ddclient on the server. Both domains also have a CNAME record configured for www that points to the domain. I don’t think it’s relevant, but both domains are also set up with Let’s Encrypt, and I have the correct cert files in the ssl-chrisrees.dev.conf and ssl-alone-in-a-room.com.conf files.

I feel like there’s something I’m missing, but it’s been a while since I did the setup for chrisrees.dev and I can no longer remember all of the steps. Any help would be greatly appreciated.

Left out some information:
The old domain (chrisrees.dev) appears to be using Full for the SSL setting.
The new domain (alone-in-a-room.com) appears to be using Flexible for the SSL setting.

I’ll go adjust the new domain and see if it solves anything


Adjusted that and it instantly worked


Thank you for letting us know, @serneum. Great catch!
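
Added example, not part of any post in this thread: in Flexible mode Cloudflare connects to the origin over plain HTTP on port 80, while Full and Full (strict) connect over HTTPS on port 443, so the two zones above were reaching the same server on different ports. The sketch below probes the origin directly on the port each mode uses and maps the TCP outcome to the edge error (521 for a refused connection, 522 for a timeout); the origin IP is a placeholder, and the thread does not say which port was unreachable.

```python
import socket

# Origin port Cloudflare connects to for a visitor's HTTPS request, by zone
# SSL/TLS mode: Flexible speaks plain HTTP to the origin, Full speaks HTTPS.
ORIGIN_PORT = {"flexible": 80, "full": 443, "full_strict": 443}

# Edge error a visitor sees for each failed TCP outcome at the origin.
EDGE_ERROR = {"refused": 521, "timeout": 522}


def probe(host, port, timeout=3.0):
    """TCP-connect straight to the origin; return 'open', 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"


def check_origin(host, mode, port_map=ORIGIN_PORT, timeout=3.0):
    """Return (port, state, expected edge error or None) for one SSL mode."""
    port = port_map[mode]
    state = probe(host, port, timeout)
    return port, state, EDGE_ERROR.get(state)


if __name__ == "__main__":
    # Placeholder address from the documentation range; use the real origin IP.
    origin_ip = "203.0.113.10"
    for mode in ORIGIN_PORT:
        port, state, err = check_origin(origin_ip, mode)
        note = f" (expect HTTP {err})" if err else ""
        print(f"{mode:12} -> origin port {port}: {state}{note}")
```

Run it from a host outside the origin's own network so that the same firewall and NAT rules Cloudflare's edge would hit are in the path.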
