525: SSL handshake failed

I installed certbot and got certificate for my domain, but still i get 525: SSL error handshake failed.
Do I have to do any additional steps after getting certificate on Cloudflare side, so i can have encrypted connection from my server to Cloudflare?

It appears to be an issue with your origin server, I’m not able to connect bypassing Cloudflare and going direct to origin either.

curl -Ikv --resolve your.domain:443:your.server.ip.address https://your.domain

  • Added your.domain:443:your.server.ip.address to DNS cache
  • Rebuilt URL to: https://lyour.domain/
  • Hostname your.domainl was found in DNS cache
  • Trying your.server.ip.address…
  • TCP_NODELAY set
  • Connected to your.domain (your.server.ip.address) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /usr/local/etc/openssl/cert.pem
    CApath: /usr/local/etc/openssl/certs
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
  • Curl_http_done: called premature == 1
  • stopped the pause stream!
  • Closing connection 0
    curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
1 Like

And do you have any clue where i might have made a mistake?
I it something with Apache configuration?

ok! I get it now! It works!
Thanks

If you wouldn’t mind posting what you changed to help others it would be most appreciated.

Ok, the solution to my problem was that I messed up file names.
Apparently apache wasn’t loading virtualhost file, which is what caused the problem.
For my configuration in /usr/local/etc/apache24/Includes
I change the name with virtualhost configuration from mydomain to mydomain.conf and that solved the problem.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.