525 error, certificate from Let's Encrypt, home server (nginx)

I added tracuuthuho.cf to Cloudflare and set the SSL mode to Full.
I have a certificate from Let's Encrypt, obtained with certbot.
525 error
When I access the URL https://home.tracuuthuho.cf, it works.
When I access the URL https://tracuuthuho.cf, I get a 525 error.
I do not know how to fix it.
Please help me!

DNS settings:
A - home - public IP - DNS only
A - tracuuthuho.cf - public IP - proxied
CNAME - www - home.tracuuthuho.cf - proxied

Page rule:
tracuuthuho.cf/* - 301 - https://www.tracuuthuho.cf/$1

My Nginx settings:

server {
    listen *:80;
    server_name tracuuthuho.cf www.tracuuthuho.cf home.tracuuthuho.cf;
    return 301 https://$http_host$request_uri;
}

upstream tracuuthuho {
    server localhost:5001;
}

server {
    listen *:443 ssl;

    server_name tracuuthuho.cf www.tracuuthuho.cf home.tracuuthuho.cf;
    ssl_certificate /etc/letsencrypt/live/tracuuthuho.cf/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tracuuthuho.cf/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        root /var/www/tracuu/;
        proxy_pass https://tracuuthuho;
        limit_req zone=one burst=10 nodelay;
    }
}

File /etc/letsencrypt/options-ssl-nginx.conf

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

Oh, I have solved this problem.
My solution: set CNAME www -> DNS only
