525 for one virtual host but not the other

I have two virtual hosts on the same web server. One of them works, the other one gives me a 525. The troubleshooting guide says to check in w/ your hosting provider. I did and they said it worked on their end.

Does the one that gives a 525 work when you set the record to DNS only (:grey:)?

I just turned encryption mode from full to off and it worked. Is that what you mean?

No, that means you’ve turned off HTTPS in general and everything will be sent over unencrypted HTTP.

Set that back to Full (Strict) - I’m referring to the orange/grey cloud when you’re making or editing a DNS record.

I did re-enable it after I tried it. I understand you to mean that you want me to disable the proxy on the A record. Now I’m getting ERR_CONNECTION_CLOSED. Perhaps I didn’t wait long enough?

I hope I don’t sound snippy. I appreciate the help!

Actually, https:// was giving me the closed connection. Unencrypted http:// worked.

It looks from here like there is “something” (can’t tell what) wrong with the SSL configuration on your origin server. The error message indicates that the connection user → Cloudflare is working but the connection Cloudflare → your server is giving an SSL error. I don’t believe your host when they say it works on their end. Is this a managed hosting, or a VPS that you administer yourself?

If it’s managed hosting, disable Cloudflare’s proxy and go back to them and tell them it doesn’t work via HTTPS. If it’s your own server, also disable the proxy, but you’ll have to fix it yourself. With the proxy disabled, we can get a more descriptive error message.

It’s a VPS. Sadly, I know the L, M and P, but not the A.

  1. why is it working for domain1 dot com but not domain2 dot com?
  2. can you explain what the proxy does like I’m 5?

Thanks!

ok, I googled proxy server so no need to answer 2.

When I visit https domain2 dot com, Apache does not seem to be logging anything, even at LogLevel debug.

Here’s the conf for the site that doesn’t work

```
<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/golb.us/public_html
        ServerName golb.us
        ServerAlias www.golb.us
        ServerAlias peter.golb.us
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```

and the conf for the one that does

```
<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/ccmjs.org/public_html
        ServerName ccmjs.org
        ServerAlias www.ccmjs.org

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```

What else can I tell you?

These are the virtual hosts for HTTP, not HTTPS.
Check for the ones that listen on 443.

I copied /etc/apache2/sites-available/000-default.conf. Where do I find the virtual hosts for port 443? I amended <VirtualHost *:80> to <VirtualHost *:80 *:443> but that didn’t work.

You need to create a new VirtualHost with the configuration for HTTPS.
Look for “How to setup https virtualHost on apache”.
I’m not allowed to post any link.
It should look like this:

```
<VirtualHost [IP ADDRESS]:443>
ServerAdmin [email protected]
DocumentRoot var/www
ServerName www.ssl-tutorials.com
ErrorLog www/home/logs/error_log
SSLEngine on
SSLCertificateFile /etc/ssl/ssl-tutorials_com.crt
SSLCertificateKeyFile /etc/ssl/ssl-tutorials.key
SSLCertificateChainFile /etc/ssl/ssl-tutorials_com.ca-bundle
</VirtualHost>
```

```
<VirtualHost [IP ADDRESS]:443>
ServerAdmin [email protected]
DocumentRoot var/www
ServerName your_server_name
ErrorLog www/home/logs/error_log
SSLEngine on
SSLCertificateFile /etc/ssl/ssl-tutorials_com.crt
SSLCertificateKeyFile /etc/ssl/ssl-tutorials.key
SSLCertificateChainFile /etc/ssl/ssl-tutorials_com.ca-bundle
</VirtualHost>
```
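
As an added illustration (not code from any poster in this thread): a small Python check that reads Apache vhost configuration text and reports which hostnames have no usable `:443` block, which is the situation above where only `<VirtualHost *:80>` blocks existed. The sample config is constructed, the `ccmjs.org` 443 block is hypothetical, and treating `SSLEngine on` plus `SSLCertificateFile` as sufficient is a simplifying assumption.

```python
import re
# Constructed sample: a port-80 vhost like the one quoted in the thread, plus a
# hypothetical *:443 block for ccmjs.org (the thread never shows that file).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName golb.us
    ServerAlias www.golb.us
</VirtualHost>
<VirtualHost *:443>
    ServerName ccmjs.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/cloudflare/ssl.pem
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
REASONS = ["ok", "SSLEngine on but no SSLCertificateFile",
           "listens on 443 but SSLEngine is not on", "no :443 VirtualHost"]

def parse_vhosts(conf):
    """Return ports, hostnames and TLS directives for each <VirtualHost> block."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        d = {}
        for line in body.splitlines():
            words = line.split("#", 1)[0].split()  # drop comments, tokenize
            if words:
                d.setdefault(words[0].lower(), []).extend(words[1:])
        vhosts.append({
            "ports": {a.rsplit(":", 1)[1] for a in addrs.split() if ":" in a},
            "names": d.get("servername", []) + d.get("serveralias", []),
            "ssl_on": [v.lower() for v in d.get("sslengine", [])] == ["on"],
            "has_cert": "sslcertificatefile" in d,
        })
    return vhosts

def classify(vh):
    # Index into REASONS; 0 means this block can complete a TLS handshake.
    if "443" not in vh["ports"]:
        return 3
    if not vh["ssl_on"]:
        return 2
    return 0 if vh["has_cert"] else 1

def tls_gaps(conf):
    """Map each hostname lacking a usable TLS vhost to the reason."""
    best = {}
    for vh in parse_vhosts(conf):
        for name in vh["names"]:
            best[name] = min(best.get(name, 3), classify(vh))
    return {n: REASONS[r] for n, r in best.items() if r}
```

Calling `tls_gaps()` on the concatenated contents of the enabled site files lists every hostname that needs its own `:443` block before Full or Full (Strict) can reach the origin.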

Now I have


```
SSLEngine on
SSLCertificateFile /etc/ssl/cloudflare/ssl.pem
SSLCertificateKeyFile /etc/ssl/cloudflare/ssl.key
```

and it connects, but it’s not secure.

I am afraid this really is beyond the scope of the forum at this point. Please check out StackExchange or Reddit for webserver-related questions.

Are you using a Cloudflare origin certificate? Those will not show as secure in a web browser, but will be recognized by Cloudflare.

I resolved the issue. muyfriki93 sent me down the correct path. Unfortunately, I don’t recall precisely what I did so we can’t tell the next person to look this up…

Thank you all for your help!

Is your encryption mode back to Full Strict?

They were on Full not Full Strict. Thank you!