525 SSL handshake error is haunting me!


#1

I have had a perfectly functional site established for years and suddenly get a 525 error saying the problem is with my hosting company. My hosting company, Network Solutions, said everything is fine on their end, and it might be the shared SSL with Cloudflare.

Any idea on who I can turn to and get this resolved? My website is totally inaccessible now.

Thanks one million times to anyone that helps!


#2

Check the following

The most common causes of consistent 525 errors are as follows:

The origin server does not have a certificate installed.
The origin server is not listening on port 443 (or other custom secure port).
The origin server does not support or is not configured properly for SNI.
The cipher suites that Cloudflare accepts and the cipher suites that the origin server supports do not match.

You said “for years”. Can you check if your origin cert has expired?

Try to set your SSL settings to full and see if this helps.


#3

Heh… I am going to guess that you are using Full (Strict) in your crypto settings and the SSL cert on your origin is expired (and that your hosting provider is incorrect).

Can you try changing the setting to Full instead of Full (Strict)? If it suddenly starts working, that is almost certainly the case.


#4

Same here, had a perfectly functional site established for 6 months and suddenly get a 525 error saying the problem is with my hosting company. My hosting company, Register.com, said everything is fine on their end, and it might be the shared SSL with Cloudflare.


#5

Origin server says the SSL is not expired, and they are saying they need to know from the Cloudflare side what they see is wrong, otherwise they are shooting in the dark.


#6

You could try doing:

curl -v --resolve example.com:443:[your origin IP] https://example.com

Based on the result we could understand a bit more.


#7

If you go to the Cloudflare DNS tab and :grey: your domain, does it work?

You can :grey: bypass your domain for 10 minutes while you check, then :orange: it again. Keep in mind that TTL is about 5 minutes so it might take a few minutes for the :grey: to take effect.


#8

Unfortunately I believe they are incorrect…

curl -Ik --resolve www.crazyfatness.com:443:your.origin.ip.here https://www.crazyfatness.com

Results in the following error:

curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

If you replace crazyfatness with the name of your website in both places on that command and enter the IP address of your actual origin server you can reproduce the error yourself. And that’s bypassing Cloudflare directly to talk to your origin.

I guess it could be possible you’re pointing to the wrong origin server, your host could tell you that I suppose. Or they can give you an output from a test which demonstrates everything is fine on their end and we’d be happy to take a look. :slight_smile:


#9

Hi doug1,
I can confirm this story as I have exactly the same problem, using Network Solutions and cannot figure out who can resolve the problem as yet.
None of the suggested “fixes” in the Cloudflare dashboard have been effective and I am pretty sure (especially after seeing your post) that the problem is with NS :frowning:


#10

Also an issue on the origin server. Using another command line tool in addition to the command above:

openssl s_client -connect your.origin.ip.address:443

returns:

CONNECTED(00000003)
140735994991496:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/ssl/s23_clnt.c:541:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 318 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

So there is no certificate on the origin server or the webserver itself is misconfigured re: the certificate. Unfortunately it’s an issue the maintainer of the origin server needs to solve.
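The checks in posts #2, #8 and #10, combined into one classifier, as an added example that is not part of the original thread: it reads `openssl s_client` output from a direct-to-origin probe and maps it to the causes listed in post #2. The function names and diagnosis labels are hypothetical, and the mapping from alert text to cause is a heuristic, not something the alert states outright.

```shell
# Added example: classify the output of a direct-to-origin `openssl s_client` probe.
# Function names and labels are hypothetical; alert-to-cause mapping is a heuristic.

# Live probe (needs network). Unlike a bare -connect, -servername sends SNI,
# so an SNI-dependent origin is tested the way a proxy would reach it.
probe_origin() {   # usage: probe_origin <origin-ip> <hostname>
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>&1
}
# Read s_client output on stdin, print one diagnosis label.
classify_handshake() {
  _out=$(cat)
  case "$_out" in
    *"Connection refused"*|*"connect:errno="*)
      echo "port-closed"; return ;;           # nothing listening on the TLS port
  esac
  case "$_out" in
    *"no peer certificate available"*)        # server aborted before sending a cert
      case "$_out" in
        *"unrecognized name"*) echo "handshake-aborted:sni" ;;
        *"handshake failure"*) echo "handshake-aborted:cipher-or-protocol" ;;
        *)                     echo "handshake-aborted:server-config" ;;
      esac
      return ;;
  esac
  case "$_out" in
    *"Verify return code: 0 (ok)"*) echo "ok" ;;
    *"Verify return code: 10 "*)    echo "cert-expired" ;;
    *"Verify return code:"*)        echo "cert-not-trusted" ;;
    *)                              echo "unknown" ;;
  esac
}

# Output quoted in post #10 of this thread (abridged).
SAMPLE_POST10='CONNECTED(00000003)
140735994991496:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
---
no peer certificate available
---
SSL handshake has read 7 bytes and written 318 bytes'

# Constructed sample: handshake completes but the certificate has expired.
SAMPLE_EXPIRED='CONNECTED(00000003)
---
SSL handshake has read 3000 bytes and written 450 bytes
    Verify return code: 10 (certificate has expired)'

diagnose() { printf '%s\n' "$1" | classify_handshake; }
diagnose "$SAMPLE_POST10"
diagnose "$SAMPLE_EXPIRED"
```

Against a live origin, pipe the probe into the classifier: `probe_origin <origin-ip> <hostname> | classify_handshake`.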


#11

Wow, this seems to be an elusive problem, causing considerable time and expense for me…along with a website down. I have some peeps working on it and will share anything I find…and hope others may do the same.


#12

doug1, does your website use WordPress?
NS have sent me a solution for my WP problem (I think it has worked, slowly getting functionality back) although I do not understand why the site has been fine for 3 months using the previous settings.


#13

Yes mark8, I have a WordPress site using a Vamtam theme.


#14

Doug1,

This is what NS sent me and it was true to an extent. Doing the following did at least get me back on-line although I have a few other problems with the hosting still. Note that to confuse things even more I have SSL configured using Cloudflare as well. I don’t think that is relevant to the problem though.

This may “not” apply to your situation but it was working perfectly well till recently using the standard instructions from WordPress, which no longer seem to work at NS:

“The issue is with the way your site is configured. Your content is in /htdocs/wordpress but your domain points to /htdocs with the index.php pointing to the /htdocs/wordpress directory. That combined with the way your site is setup is causing the error. Your site can be reached here http://mysite.com/wordpress/. To fix your site you should first login to WordPress here http://mysite.com/wordpress/wp-login.php or into the database and modify the WordPress URL and site URL to http://mysite.com. Once you do that you should reassign your domain to point directly to the /htdocs/wordpress folder. Alternatively, you can call us at the numbers below to purchase our MyTime support for us to do this for you.”

Yeah, right :(

I did all they said and now I can at least load my website and access the Dashboard. I had to directly modify the WP settings in the database to make the changes since it was impossible to access the WP dashboard. I am still suspicious that they have done some weird things to their hosting as this configuration had been working for 3 months and I still cannot use the Visual Editor in WP for some reason despite trying many “fixes”.

Good luck,

Mark W

