ERR_SSL_PROTOCOL_ERROR and Error 525 SSL handshake failed

I have been using Cloudflare’s free SSL for a long time and it was working perfectly on my 2 sites, but for the last 5 days both sites have been down. I have not done anything from my side on the server or in the Cloudflare account, and I am getting errors on my sites. I have talked with my hosting provider and they have updated and reinstalled the certificate, but I am still getting the same errors.

My site… is showing an error of “ERR_SSL_PROTOCOL_ERROR”,
and my other site is showing an error of “Error 525 SSL handshake failed”.

Both sites are showing an Active certificate in my Cloudflare account. What should I do? How do I configure this? Please help, I am new here.

The 525 is a certificate problem on your server. It could be expired or mis-named. Maybe even non-existent. For this one, go to your Cloudflare DNS and set that domain to grey cloud and see what happens. That will give you more insight into its certificate status. You can also see what happens if you change your SSL setting to Full (not strict).

The ERR_SSL_PROTOCOL_ERROR error implies it’s a problem with your Cloudflare certificate, even though it says “Active.” For that site, go to your Cloudflare Crypto page and scroll to the very bottom. Click “Disable Universal SSL” and wait 5 or so minutes. Then click it to “Enable Universal SSL.” This should re-issue the SSL certificate. If this doesn’t work (for the .com site), contact Support: log in to Cloudflare and then contact Cloudflare Support.
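Added example, not part of the original thread and not Cloudflare's own tooling: a Python check for the three origin-certificate conditions the reply above names for the 525 (expired, mis-named, missing). The sample certificate and the hostnames `example.com` and `shop.example.net` are constructed; `live_check` is a hypothetical helper that assumes the record is set to grey cloud, so the hostname resolves straight to the origin server.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def name_matches(pattern, hostname):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname

def check_origin_cert(cert, hostname, now):
    """List the problems in a getpeercert()-style dict; [] means none found."""
    if not cert:
        return ["missing"]  # no certificate information was returned
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append("name mismatch")
    return problems

def live_check(hostname, port=443, timeout=5):
    """Handshake with the server the hostname resolves to and report problems."""
    ctx = ssl.create_default_context()  # verifies chain, dates and hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                now = datetime.now(timezone.utc)
                return check_origin_cert(tls.getpeercert(), hostname, now)
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]  # OpenSSL's own reason for rejecting it
    except (ssl.SSLError, OSError) as exc:
        return ["handshake failed: %s" % exc]
```

An empty list from `live_check` means the origin presented a certificate that a strict client accepts; any other result names the condition to raise with the hosting provider.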

OK, thanks @sdayman for the reply.
As you have suggested, let me focus on one site at a time.
For the COM site:
First, I “Disabled Universal SSL” and waited for 10 min. Then I clicked it to “Enable Universal SSL,” and I have seen that a new certificate has been issued.

Other settings under Crypto:
SSL - Full
Always use HTTPS - Off
Opportunistic Encryption - On
TLS 1.3 - Enabled
Automatic HTTPS Rewrites - Off

Please suggest if changes are needed; I will change it.
Have a look at these screenshots. I have changed some DNS settings too.

The bottom screenshot says “Issuing Certificate”, so it’s not ready yet. If 24 hours goes by and it’s still not Active, contact Support.

I do see some non-SSL-related issues in your DNS:

  • You probably don’t need localhost. That expands to, which you probably don’t use anywhere.
  • The following shouldn’t be orange cloud because they don’t use HTTP/S: mail, ftp.
  • ns1 and ns2 are probably unnecessary, as you’re using Cloudflare’s name servers now.
