525 error, Ionos Hosting

Hi there,

I have been caught up in a nightmare of a situation, and I hope this info helps someone else with a similar issue.

I have a website (Clutter Healing) that went down due to a “525 Handshake error” from Cloudflare; it has been working perfectly for over a year. No warnings, it just went offline. The site is hosted at Ionos, NS point to Cloudflare, and I used a Cloudflare-generated certificate, installed on the server. This has worked perfectly for over a year.

The Cloudflare-generated certificate is showing as valid; the site can be pinged, everything is intact; it just won’t handshake.

I have also tried:
• dropping down from “strict” to “Full” - no success
• pausing Cloudflare - no success
• re-issuing the PEM & KEY, and re-installing - no success

Lastly, I tried to buy up a tier of support in Cloudflare, since there is effectively zero support (other than in this forum… I hope someone can help me!). NO response to email or support tickets, and the site has now been offline for days. Please offer a paid tier of support!

My ONLY recourse now is to bypass Cloudflare altogether, use Ionos NS (they will ONLY issue their certificate if I use their NS…). IT WORKS. So, the problem is clearly with Cloudflare, but since I cannot get any help, support, or useful suggestions other than “look at the Help files” (which I did, and tried a number of unsuccessful changes) I can no longer reliably use Cloudflare.

So if I am forced to use Ionos NS to use an Ionos certificate, how would I use Cloudflare for the other services? I found a number of people with the same issue, and zero successful fixes. Has anyone come up with a solution?

Any help would be appreciated, this has been awful.

An SSL certificate for your site expired a few days ago:

I presume you have SSL mode set to Full (Strict), so the failure to renew the certificate on your Origin is the root cause. It looks like that cert was renewed earlier today.

Install a Cloudflare Origin Certificate on your Origin server.

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

Hi Michael, yes, I was previously set to Strict, tried to drop it down to Full per the Help suggestions… but that did not work at all.

The renewal today was due to the fact that I now bypass Cloudflare altogether: I had to disconnect Cloudflare NS, reestablish NS at Ionos, and install their certificate. It worked immediately.

My site is back up, but clearly I cannot use Cloudflare, and I don’t understand why it worked for a year, then failed.

By the way, I did have a Cloudflare Origin Certificate generated & installed… and I even tried to generate a new one (PEM & KEY).

Thanks, I did go through a lot of this tutorial. Problem is, I contacted my webhost (Ionos) and they said it was a config issue at Cloudflare. I did try as much of this tut as I know how to do… some of it is way above my pay grade as I am not a web security tech.

What worked was not using Cloudflare, and that is not exactly the solution I was hoping for!
