525 means your hosting / origin didn’t present the SSL certificate, which is required for SSL (Full) mode.
To debug this (and the previous issue), you need to connect directly to the origin and double check whether the origin server is actually returning the right content over the right protocol for the right hostname. You can do this by running these curl commands (replace 1.2.3.4 with your origin IP that you’ve used as a target in DNS records):
Once you make your origin return 200 OK with the right content for each of those requests, your current setup at Cloudflare will start working automatically.