I am using Cloudflare to manage the DNS, pointing to the EC2 instance's IP with proxying on and the mode set to Full (although I had this issue with Strict as well). I have five domains pointed to that single EC2, all set up the same.
On that EC2, I have certbot installed, running Apache and UFW enabled, with the Cloudflare IPs added to the iptables rules.
Every 24 hours the 521 error pops up, and a restart of the EC2 resolves it quickly.
Is there a step missing in something I’ve set up? My googling hasn’t come up with anything relevant to solve this.
Using Full is not a good decision as that is a legacy mode which drops encryption. Make sure to use Strict.
As for the 521, that will be because your server is not reachable. If you say this happens once a day and a restart fixes it, you may have some firewall issue. Talk to your administrator to have this fixed. You may also want to consider pausing Cloudflare while you debug the issue.
I’ve got the firewall on the OS configured, but it may also be configured on the VPC side. Has anyone else with AWS had to do this also? That part was a little unclear to me, and I couldn’t find many posts explaining if that was needed.
Everything that may block Cloudflare needs to be configured to not do so. I’d probably pause Cloudflare to verify if some general firewall may get enabled every 24 hours. I’d really reach out to your administrator, as server configuration is generally beyond the scope of the forum here.
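The two layers the replies above refer to (the host firewall on the instance and the VPC security group) both have to admit every Cloudflare edge range, or the origin is unreachable from part of the edge and the 521 appears. As an added example, not code posted by anyone in this thread, the script below turns a Cloudflare IP list into the ufw rules for the host and the aws CLI calls for the instance's security group, and checks that an existing allowlist still contains every range. It assumes Apache listens on TCP 80 and 443, that the host firewall is ufw, and uses a placeholder security group ID; the three-entry range list is a constructed sample embedded so the script runs offline, and in production it should be replaced by the live lists from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

```shell
#!/bin/sh
# Added example for this thread (not code posted by anyone in it): generate
# and verify origin-firewall rules that admit only Cloudflare's edge ranges,
# for both the host firewall (ufw) and the EC2 security group.
# Assumptions, none of which the thread states: Apache listens on TCP 80/443,
# the host firewall is ufw, and the security group ID is passed in by the
# caller. CF_RANGES_SAMPLE is a constructed sample so this runs offline; in
# production replace it with the live lists:
#   curl -fsS https://www.cloudflare.com/ips-v4 https://www.cloudflare.com/ips-v6
CF_RANGES_SAMPLE='173.245.48.0/20
103.21.244.0/22
2400:cb00::/32'

# Emit one ufw rule per range read from stdin (one CIDR per line).
# Nothing is applied; review the output, then pipe it to sh.
cf_ufw_commands() {
    while read -r cidr; do
        [ -n "$cidr" ] || continue
        printf "ufw allow proto tcp from %s to any port 80,443 comment 'Cloudflare'\n" "$cidr"
    done
}

# Emit aws CLI calls opening 80 and 443 in security group $1 for each range.
# IPv6 CIDRs must go in Ipv6Ranges/CidrIpv6, IPv4 CIDRs in IpRanges/CidrIp;
# putting a v6 prefix in IpRanges is rejected by the API.
cf_sg_commands() {
    sg="$1"
    while read -r cidr; do
        [ -n "$cidr" ] || continue
        case "$cidr" in
            *:*) spec="Ipv6Ranges=[{CidrIpv6=$cidr,Description=Cloudflare}]" ;;
            *)   spec="IpRanges=[{CidrIp=$cidr,Description=Cloudflare}]" ;;
        esac
        for port in 80 443; do
            printf 'aws ec2 authorize-security-group-ingress --group-id %s --ip-permissions "IpProtocol=tcp,FromPort=%s,ToPort=%s,%s"\n' \
                "$sg" "$port" "$port" "$spec"
        done
    done
}

# Check that every range on stdin appears verbatim in the allowlist file $1
# (for example the CIDRs taken from the "From" column of `ufw status`).
# A range that is missing means Cloudflare's edge cannot reach the origin
# from it, which shows up as an intermittent 521. Prints each missing range
# and returns 1 if any is missing, 0 otherwise.
cf_check_allowlist() {
    allowed="$1"
    missing=0
    while read -r cidr; do
        [ -n "$cidr" ] || continue
        if ! grep -qxF -- "$cidr" "$allowed"; then
            echo "MISSING from $allowed: $cidr"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Stand-alone run: show what would be applied for the sample list.
# sg-0123456789abcdef0 is a placeholder, not a real group ID.
printf '%s\n' "$CF_RANGES_SAMPLE" | cf_ufw_commands
printf '%s\n' "$CF_RANGES_SAMPLE" | cf_sg_commands sg-0123456789abcdef0
```

To use the check on a running instance, dump the allowed sources from `ufw status` and from `aws ec2 describe-security-groups` into files and run `cf_check_allowlist` against each with the current Cloudflare lists on stdin; a non-zero exit names the ranges that layer is dropping. Running it again after the window in which the 521 recurs shows whether the allowlist itself changed or the outage lies elsewhere.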