Connection timeout, unable to connect

stevet · January 14, 2025, 7:05pm

What is the name of the domain?

api ibrinc com

What is the error number?

N/A

What is the error message?

Connection timeout

What is the issue you’re encountering

A client has been unable to connect to our site, starting last week.

What steps have you taken to resolve the issue?

DNS looks good, it lists the Cloudflare IPs.
Telnet to domain port 443 gives connection timeout.
Client reports traceroute and ping fail 100% packet loss.
They have been able to connect to us before last week.

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

I can’t reproduce it. Client can’t reproduce it with another machine on same network.
Development machine can nslookup and see Cloudflare IPs, but telnet to port 443, and wget/curl fail with connection timeout.

My guess is it sounds like a firewall issue on their side, but maybe I’m missing something? Any ideas on what else to try?

fritex · January 15, 2025, 1:18am

May I ask what known troubleshooting steps have you tried already regarding 522 error for your Website?

Was anything lately changed on the origin host/server or with firewall?

Does it work fine when Cloudflare is temporary Paused?

Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
The link is in the lower right corner of that page.
Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error

Is the origin SSL certificate still valid? Is your web server still listening to 443 port?

Are Cloudflare IP allowed to connect?

stevet · January 15, 2025, 8:35pm

I’m sorry, I should have said right up front that I didn’t think this was a Cloudflare issue. I still don’t, but I was desperate for ideas.

The 522 connection time out error - to be explicit, that is an error you would get from Cloudflare right? As in HTTP status code 522 with HTML? The client wasn’t able to even connect to the Cloudflare IP addresses. When trying telnet, they were never seeing the “Connected to” part. Curl was also unable to connect. I specifically asked client about what curl was saying, it was not getting 522, but timing out connecting (the TCP/IP part).

My first thought was something with the certificates from Cloudflare, which I checked. They upgraded back in November 2024, so it would have broke then, not now. Realistically processing the certificates happens further along the negotiating process, they weren’t making it to that part.

I was able to connect fine, as were all other clients. Even a machine on the same network as their production machine could connect just fine. This makes me think there was something very weird going on in their network with routing.

Nothing was changed on our server like firewalls/IP/host. I checked the certificates on our web server as well. It had also upgraded in November 2024, and other locations has no issues connecting to us through Cloudflare.

As of 2:13 PM EST yesterday (1/14), they have had no problems connecting.

I wish I knew what changed, I don’t like problems I’m not sure how to trouble-shoot.

Thank you for the suggestions.

system · January 30, 2025, 8:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error 522 connection timed out on some sites DNS & Network	2	3876	December 6, 2019
522 error cant fix DNS & Network	2	1454	September 28, 2022
Help! I have problems with cloudflare DNS & Network	2	3052	September 10, 2021
IP Addresses DNS & Network	3	2079	March 17, 2022
Cloudflare down DNS & Network	4	1652	August 22, 2022