DNS A Record points to Digital Ocean Droplet WordPress throwing 521 Error

I’m migrating my WordPress website to a Digital Ocean Droplet, but I’m running into some issues. I’m hoping to discover the best practice, but there’s conflicting information on the internet, and nothing quite matches my exact case, it seems.

  1. Export the existing WordPress website using All-In-One-WP-Migration plugin
  2. Create a new DigitalOcean Droplet using their WordPress 5.8 / Ubuntu 20.04 image
  3. Set DNS A Record to new IP Address in Cloudflare (so that the next step can occur)
  4. Run the cli provided by the Droplet image which configures WordPress, and CertBot issues an SSL certificate (this requires authorization via access to the domain)
  5. No dice! I’m getting a stinkin’ 521 error

Is there a better way of doing this? My client wants to use All-In-One, but I’m more than happy to convince them I’m doing something different, if it works better.

Greetings,

Thank you for asking.

May I ask if you double-checked for any of the possible firewall settings for your DO droplet? :thinking:

Furthermore, do not skip below step and kindly re-check if Cloudflare is allowed to connect to your origin host to as follows in the below article:

Nevertheless, Cloudflare IP addresses list can be found here:

Regarding Cloudflare proxy mode :orange: and possible issues/errors as like Cloudflare timeout or 521, I’d suggest reading the steps what to do in that case as written on my recent post from below:

Thank you for your response. I discovered the issue. I had improperly configured my Cloudflare SSL and HTTPS redirect settings. These are the settings I now use that work well:

  • DNS A Record pointing to Droplet IPv4

  • SSL/TLS > Overview > Flexible

  • SSL/TLS > Edge Certificates > Always Use HTTPS Enabled

Rules > Page Rules > url.com SSL: Flexible

Also, I was experiencing a redirection loop, due to using Certbot to set up HTTPS redirection and an SSL on the Droplet, without realizing that Cloudflare was taking care of that for me.

You currently have a security issue.

Thank you Sandro, I’m going to fix this immediately

I have now enabled Full Strict across all of my websites. Very grateful for your share, Sandro.