Community Tip - Fixing Error 525: SSL handshake failed

Error
Try the suggestions in this Community Tip to help you fix Error 525: SSL handshake failed.

Background
Error 525 indicates that the SSL handshake between Cloudflare and the origin web server failed. This only occurs when the domain is using Cloudflare Full or Full (Strict) SSL mode. It is typically caused by a configuration issue on the origin web server. When this happens, you’ll see “Error 525: SSL handshake failed”.


Quick Fix Ideas

  1. If you are a site visitor, report the problem to the site owner. Neither this Community nor Cloudflare Support can assist you. Cloudflare Support only works with the verified owner of the domain.

  2. Make sure you have a valid SSL certificate installed on your origin server [1].

  • To display your origin certificate, replace 203.0.113.34 with the origin IP address of your web server & replace www.example.com with your domain and host name:

$ curl -svo /dev/null https://www.example.com --connect-to ::203.0.113.34 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

  3. Check with your hosting provider to make sure they’re listening on port 443, or whichever other port you are using.

  4. Check to make sure your origin server is properly configured for SNI.

  5. The cipher suites that Cloudflare accepts and the cipher suites that the origin server supports do not match. Review the cipher suites your server is using to ensure they match what is supported by Cloudflare. A cipher suite is a set of algorithms that help secure a network connection that uses Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer (SSL). A cipher suite usually includes a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.

  6. If you are the site owner and you’re only seeing errors intermittently, this suggests the TCP connection between Cloudflare and your origin is being reset during the SSL handshake, causing the error. Ask your hosting provider or system administrator to check if there are any server issues. Reviewing your web server access and error logs would be a good place to locate this information.

  7. Note that Apache must be configured to log mod_ssl errors. nginx includes these errors in its standard error log, but it may be necessary to increase the log level.

  8. Pause Cloudflare or update your local hosts file to point directly at your server IP to test that your server is presenting an SSL certificate. If you do not have a certificate installed on your server, you can generate one using our Origin CA certificates. This is a free certificate for the purpose of encrypting the connection between Cloudflare and your web server, so that you do not need to purchase a certificate.

  9. If you cURL to the origin on port 443 and receive the error error:1408F10B:SSL routines:ssl3_get_record:wrong version number, disable TLS 1.3 on the Edge Certificates tab of the SSL/TLS app on the Cloudflare dashboard. To determine what TLS version is currently supported, use the following cURL command, replacing MYORIGINIP with the IP address shown on the A record of your DNS app in the Cloudflare dashboard and www.example.com with your domain:
    $ curl -svo /dev/null https://www.example.com --connect-to ::MYORIGINIP 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
    Test a specific TLS version by adding one of the following options to your cURL:

  • --tlsv1.0
  • --tlsv1.1
  • --tlsv1.2
  • --tlsv1.3
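
The per-version check from the last idea above, as an added example (not Cloudflare's own tooling): a POSIX shell script that runs the cURL probe once per TLS version and classifies each transcript. The function names and sample transcripts are constructed for illustration; --tls-max is added because --tlsv1.x on its own only sets the minimum version, and the exact message wording assumes a curl built against OpenSSL.

```shell
#!/bin/sh
# Added example, not Cloudflare tooling. Function names and the sample
# transcripts below are constructed for illustration.

# Classify one `curl -sv` transcript read from stdin into a one-line verdict.
# Message wording is matched as curl/OpenSSL print it; other TLS backends
# may word these lines differently (assumption).
classify_handshake() (
  out=$(cat)
  negotiated=$(printf '%s\n' "$out" |
    sed -n 's/^\* SSL connection using //p' | head -n 1)
  if printf '%s\n' "$out" | grep -q 'wrong version number'; then
    echo "FAIL wrong-version-number"
  elif [ -n "$negotiated" ]; then
    # Handshake completed. With -k, an Origin CA certificate still reports
    # an unknown issuer, which the caveat on this page says is expected.
    if printf '%s\n' "$out" | grep -q 'unable to get local issuer'; then
      echo "OK $negotiated (issuer not in local trust store)"
    else
      echo "OK $negotiated"
    fi
  elif printf '%s\n' "$out" | grep -q 'SSL certificate problem'; then
    echo "FAIL certificate-not-trusted"
  elif printf '%s\n' "$out" | grep -Eq 'Connection reset|SSL_ERROR_SYSCALL'; then
    echo "FAIL connection-reset-during-handshake"
  else
    echo "FAIL no-handshake"
  fi
)

# Probe the origin once per TLS version. --tlsv1.X only sets the minimum
# version, so --tls-max pins the maximum to the same value.
probe_origin() (
  host=$1; ip=$2; port=${3:-443}
  for v in 1.0 1.1 1.2 1.3; do
    verdict=$(curl -svo /dev/null -k --max-time 10 \
      "--tlsv$v" --tls-max "$v" \
      "https://$host:$port/" --connect-to "::$ip" 2>&1 | classify_handshake)
    printf 'TLS %s: %s\n' "$v" "$verdict"
  done
)

# Constructed sample transcripts, trimmed to the lines the classifier reads.
sample_verify_failed() { cat <<'EOF'
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
EOF
}
sample_insecure_ok() { cat <<'EOF'
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
EOF
}
sample_wrong_version() { cat <<'EOF'
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
EOF
}

# Usage: sh probe.sh www.example.com 203.0.113.34 [port]
if [ "$#" -ge 2 ]; then
  probe_origin "$@"
fi
```

A version that reports FAIL here while others report OK points at the origin's enabled protocol list rather than at the certificate.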

Lite Reading
https://support.cloudflare.com/hc/en-us/articles/115003011431#525error

Community Tutorial

Learning Center
What Is SSL? | SSL and TLS

Background Resources
Help Center
YouTube

Research The Issue
Community
Google

Security Option
If you need a deeper subdomain with HTTPS, such as www.subdomain.example.com, then you should consider Advanced Certificate Manager, to cover more than one level of subdomain, remove Cloudflare branding from the Universal certificate, or adjust the shortest certificate lifespan.

If You Need More Help
This community of other Cloudflare users may be able to assist you. Log in to Cloudflare and post your question to the Community. When you post on the Community, make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, a screenshot of the error, and the steps to reproduce the error. Please indicate what troubleshooting steps you’ve tried in order to help us help you.

This is a Cloudflare Community Tip, to review other tips click here.



[1] Caveat: When checking the origin server, use the insecure -k option to skip the general unknown-CA error "SSL certificate problem: unable to get local issuer certificate", which is expected if you are using a Cloudflare Origin Certificate. For example:

Not using insecure option:

$ curl -svo /dev/null https://dev-empresas.sodimac.cl --connect-to ::35.236.227.162
* Connecting to hostname: 35.236.227.162
*   Trying 35.236.227.162:443...
* TCP_NODELAY set
* Connected to 35.236.227.162 (35.236.227.162) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [805 bytes data]
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
} [2 bytes data]
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0

Using insecure option:

$ curl -svo /dev/null https://dev-empresas.sodimac.cl --connect-to ::35.236.227.162 -k
* Connecting to hostname: 35.236.227.162
*   Trying 35.236.227.162:443...
* TCP_NODELAY set
* Connected to 35.236.227.162 (35.236.227.162) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [805 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  start date: Apr 23 05:06:00 2019 GMT
*  expire date: Apr 19 05:06:00 2034 GMT
*  issuer: C=US; ST=California; L=San Francisco; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL ECC Certificate Authority
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x556fbeff5880)
} [5 bytes data]
> GET / HTTP/2
> Host: dev-empresas.sodimac.cl
> user-agent: curl/7.68.0
> accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [230 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 2147483647)!
} [5 bytes data]
< HTTP/2 404 
< date: Fri, 22 Jul 2022 11:20:49 GMT
< server: istio-envoy
< 
{ [0 bytes data]
* Connection #0 to host 35.236.227.162 left intact