Error 502 Bad gateway!


Suddenly my website is showing this (Error 502 Bad gateway) error. A screenshot is attached. I checked the DNS settings and all is correct. Please help me get out of this.


There is a problem with your origin server. You’ll need to contact your hosting provider or correct it.

curl -Ik --resolve
HTTP/2 502
server: nginx
date: Wed, 16 May 2018 20:43:18 GMT
content-type: text/html
content-length: 166
x-xss-protection: 1; mode=block
x-content-type-options: nosniff


I already contacted my hosting provider and they gave me the following link and told me:

"Please check the attached file. Your A record IP will be , But here we see it's not matched. So please contact your SSL certificate provider Cloudflare."

Please help me get out of this.


They’re not familiar with Cloudflare’s proxy service. Those IP addresses are correct.

Please double-check your DNS settings here at Cloudflare to make sure that your domain’s A records use the same IP addresses from your post.

I tested the curl command @cscharff suggested and your server responds with “SSL certificate problem: certificate has expired”.

You need to fix the certificate at your web host.


I checked my host A record and it's perfectly ok. IP addresses. I can’t understand where the problem is.


Contact them again. Provide the information below to them. They can substitute the 64. address themselves in the curl command and verify their server is responding with a 502 error. Or you can set the entry to :grey: so the IP will show up as 64. to ease their minds (and the problem will still be on their origin) and after needlessly exposing your origin IP you can then change the record back to :orange: once they fix the problem which exists squarely at the origin.

curl -Ik --resolve

HTTP/2 502
server: nginx
date: Wed, 16 May 2018 20:43:18 GMT
content-type: text/html
content-length: 166
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
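
The direct-to-origin check used in this thread, as an added example that is not part of the original posts: it classifies `curl -I` headers by whether the response passed through Cloudflare, and prints the origin certificate's subject and expiry date. It assumes that responses passing through Cloudflare carry `server: cloudflare` or a `cf-ray` header; the function names, the sample data and the host/IP in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example. Tell a status returned by the origin itself apart from one
# that came back through Cloudflare, using the headers printed by `curl -I`.
# Assumption: proxied responses carry `server: cloudflare` and/or `cf-ray`.

classify_response() {
    # When redirects are followed curl prints one header block per hop; each
    # status line resets the state so only the final response is classified.
    tr -d '\r' | awk '
        $1 ~ /^HTTP\// { status = $2; proxied = 0 }
        { line = tolower($0) }
        line ~ /^server: *cloudflare/ || line ~ /^cf-ray:/ { proxied = 1 }
        END {
            if (status == "") { print "unparsed"; exit }
            who = proxied ? "cloudflare" : "origin"
            print who ":" status
        }'
}

check_origin() {    # usage: check_origin HOST ORIGIN_IP
    # -k ignores certificate errors so an expired or mismatched certificate
    # does not hide the HTTP status; the certificate is inspected separately.
    curl -sIk --max-time 10 --resolve "$1:443:$2" "https://$1/" | classify_response
    openssl s_client -connect "$2:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -enddate
}

sample_origin() {   # a subset of the headers posted in this thread
    printf '%s\r\n' 'HTTP/2 502' 'server: nginx' 'content-type: text/html'
}

sample_proxied() {  # constructed sample; the cf-ray value is made up
    printf '%s\r\n' 'HTTP/2 502' 'server: cloudflare' 'cf-ray: 0000000000000000-XXX'
}

# Runs only with arguments, e.g.: sh check.sh example.com 203.0.113.10
if [ "$#" -eq 2 ]; then check_origin "$1" "$2"; fi
```

An `origin:502` result from the direct check means the web server returned the error itself, whatever the DNS record is set to.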


Does an expired certificate trigger a 502?


No, the cert has been expired for months. There’s a problem with the origin server itself. They’ve now changed something as now responds with a 301 to But, then the origin server responds with a 502 (again/still).

If they look at the curl command above, run it and still say everything is “fine” then it’s time to ask them to escalate to someone who knows how to spell curl.


When I removed Cloudflare totally, the website works fine. This error comes from Cloudflare. I observed that Cloudflare is not free. It has limitations on the free plan.


The problem is not with Cloudflare. At this point you have the naked domain pointing at Cloudflare (but apparently entered an invalid IP address on their end) and the www host to your actual server. If you open you will notice the certificate warning, mentioning that it is a certificate for and not your domain.


Define works fine…

The issue is at the origin. The information I provided for troubleshooting should be sufficient for your web host to resolve the issue. If they can’t… you could set your SSL to flexible, which uses http instead of https to connect to your origin. That will ‘fix’ the problem by not using SSL to connect to your origin, but SSL on your origin is still broken.


At this point the entire site is off of Cloudflare (well, except for the nameservers).

Considering the site does have a TLS endpoint, wouldn’t “Full SSL” (not strict) still be better?


You could give Full (not strict) a try, but that screenshot reminds me of what cPanel does when your site doesn’t support SSL. It’s as if cPanel won’t even let you in on Port 443.


I guess that depends on the end goal. Switching to full strict will change from the original 502 error to a 525 error.


I am speaking here purely from a TLS point of view. Whatever happens beyond TLS is certainly a different subject and it appears it would require some tweaking there as well, but I’d expect him to be able to at least go through to his webserver if he sets it to “Full SSL”.

Why a handshake error? The certificate appears to be valid, it simply has been issued for a different host, and this case is one of those “Full SSL” was designed for, wasn’t it?


It appears your hosting provider has finally fixed the origin server to display your website on port 443. You should now be able to enable Cloudflare again.


It still seems to present the same certificate from two days ago.


But it neither returns a 502 error nor does it return a generic webserver page. So with the customer’s previous settings changing the DNS record back to :orange: will allow the site to be rendered via Cloudflare.


True, they finally managed to have it point to the right directory. Though the certificate is still misconfigured and should be fixed.


But when I change my DNS back to :orange:, it again goes to the first stage “Error 502 Bad Gateway from Cloudflare.”