525 error despite SSL strict mode not enabled

Hey, I’ve been getting an intermittent 525 error on https://eola.co
It seemed to be happening to roughly 1 in every 50 requests. I think it’s managed to fix itself now (which I think is actually more concerning). The only thing that I touched when trying to fix it was trying to downgrade the SSL type from Full (non-strict) to Flexible. I immediately changed it back. I hope that wasn’t the “fix”.

It was never in strict mode, and regardless, the origin web server does have a Cloudflare origin certificate installed.

I didn’t see anything on Cloudflare’s status reporting that seemed to be related to an SSL problem, and Heroku wasn’t reporting anything either. I haven’t touched the SSL setup for about a month. We use Argo.

Any guidance on what might have happened or how to prevent this in future would be ideal.

If you have an Origin certificate you should actually have it on “Full strict”. That is the only secure combination anyhow.

525s are covered at Community Tip - Fixing Error 525: SSL handshake failed and suggest your server’s SSL configuration is/was broken for some reason. You might want to enhance your server’s log level to also log SSL errors; that should then help you to find why a particular connection broke.
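
Added example, not part of the thread: a probe that repeats the TLS handshake directly against the origin, without certificate verification as in Full (non-strict) mode, and tallies failures by error, so a roughly 1-in-50 fault can be measured independently of Cloudflare. The function names and the command-line arguments are assumptions made for this example.

```python
import socket
import ssl
import sys
from collections import Counter


def tls_handshake(host, port=443, sni=None, timeout=5.0):
    """Perform one TLS handshake and return the negotiated protocol version.

    Certificate verification is disabled on purpose: Full (non-strict)
    does not validate the origin certificate, so this isolates handshake
    failures from trust-chain failures.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            return tls.version()


def probe(host, attempts=200, handshake=tls_handshake, **kwargs):
    """Repeat the handshake and tally outcomes.

    `handshake` is injectable so the tally logic can be exercised offline.
    """
    failures = Counter()
    versions = Counter()
    for _ in range(attempts):
        try:
            versions[handshake(host, **kwargs)] += 1
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            failures[f"{type(exc).__name__}: {exc}"] += 1
    failed = sum(failures.values())
    return {
        "attempts": attempts,
        "failed": failed,
        "rate": failed / attempts,
        "failures": dict(failures),
        "versions": dict(versions),
    }


if __name__ == "__main__":
    # Usage (assumed): python probe.py <origin-host> [sni-name]
    origin = sys.argv[1]
    sni = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe(origin, sni=sni))
```

Run it against the origin hostname rather than the proxied domain, and compare the timestamps of any failures with the origin's SSL error log.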