525: SSL handshake failed


#1

I installed certbot and got a certificate for my domain, but I still get 525: SSL error handshake failed.
Do I have to do any additional steps on the Cloudflare side after getting the certificate, so I can have an encrypted connection from my server to Cloudflare?


#2

It appears to be an issue with your origin server. I’m not able to connect bypassing Cloudflare and going direct to origin either.

curl -Ikv --resolve your.domain:443:your.server.ip.address https://your.domain

* Added your.domain:443:your.server.ip.address to DNS cache
* Rebuilt URL to: https://your.domain/
* Hostname your.domain was found in DNS cache
* Trying your.server.ip.address...
* TCP_NODELAY set
* Connected to your.domain (your.server.ip.address) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

#3

And do you have any clue where I might have made a mistake?
Is it something with the Apache configuration?


#4

ok! I get it now! It works!
Thanks


#5

If you wouldn’t mind posting what you changed to help others it would be most appreciated.


#6

Ok, the solution to my problem was that I messed up file names.
Apparently Apache wasn’t loading the virtualhost file, which is what caused the problem.
For my configuration in /usr/local/etc/apache24/Includes,
I changed the name of the file with the virtualhost configuration from mydomain to mydomain.conf and that solved the problem.
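
An added example, not part of the original thread: a shell check for the failure described in post #6, where a file defining a `<VirtualHost>` sits in the include directory but is never loaded because its name lacks the `.conf` suffix. It assumes httpd.conf pulls the directory in with an `Include .../Includes/*.conf` style glob; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# List files in an Apache include directory that define a <VirtualHost>
# but would be skipped by an "Include <dir>/*.conf" glob.
# Assumption: httpd.conf includes the directory with a *.conf pattern.
find_unloaded_vhosts() {
    dir=$1
    suffix=${2:-.conf}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *"$suffix") continue ;;   # matched by the Include glob, so it is loaded
        esac
        # Case-insensitive match: Apache directive names are not case-sensitive
        if grep -qi '^[[:space:]]*<VirtualHost' "$f"; then
            basename "$f"
        fi
    done
}

# Succeed only if a file the glob does load declares a vhost on port 443.
has_loaded_tls_vhost() {
    dir=$1
    suffix=${2:-.conf}
    for f in "$dir"/*"$suffix"; do
        [ -f "$f" ] || continue
        if grep -qiE '^[[:space:]]*<VirtualHost[^>]*:443' "$f"; then
            return 0
        fi
    done
    return 1
}

# Constructed sample layout (not the poster's real files)
demo_dir=$(mktemp -d)
printf '<VirtualHost *:443>\n  SSLEngine on\n</VirtualHost>\n' > "$demo_dir/mydomain"
printf '<VirtualHost *:80>\n  ServerName your.domain\n</VirtualHost>\n' > "$demo_dir/plain.conf"
printf 'notes, no vhost here\n' > "$demo_dir/README"

echo "Skipped vhost files: $(find_unloaded_vhosts "$demo_dir")"
if has_loaded_tls_vhost "$demo_dir"; then
    echo "a 443 vhost is loaded"
else
    echo "no 443 vhost is loaded"
fi
```

On a real host, point both functions at the include directory (here /usr/local/etc/apache24/Includes) and reload Apache after renaming any file they report.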

