The ID string shown at the bottom when you get the 521 error.
Yes, sent them ray ID, and 2 files they requested and something else yesterday when I was having error 520
Im pretty sure SSL “Full” instead of Flexible is causing the 521 issue.
But then again, “Flexible” causes the SSL to be invalid for some reason
What did they say about that failed connection? What was the technical reason? @cs-cf, any idea?
What SSL mode are you using right now?
I’ll start from the begining.
I noticed that for the past week the website was going down really often sometime as often as 3x per hour then wouldn’t go down for the next 4 then down again etc.
Contacted namecheap they said it was Cloudflare’s issue (error 520) and had to send the RAY ID + the 2 files to Cloudflare and they said it was the hosts problem.
Then this went on saying it was the other’s fault.
So I checked the settings from my other domain that is using namecheap in the same hosting package & using Cloudflare, and noticed it had “Flexible” SSL, the website I was having issues with had “Full” instead of Flexible so I chose Flexible SSL and the website instead of going down every now and then with Error 520 started going down 24/7 with Error 520.
And it’s been going like this for quite a while.
Full SSL = Error 521, Flexible = Error 520 / SSL Invalid now for some reason.
This was the last of namecheaps message:
"We are sorry that you had to experience such issues.
We cannot confirm the presence of the error on our end. If the website is checked directly from the server(bypassing the Cloudflare CDN), the site is visible.
You can check the site directly from a server via such tools as [https://hosts.cx]
Please check it on your end and let us know if we can be of any further assistance."
Well, you still have an invalid certificate on your server, so “Full strict” will fail. Regular Full should work however. Also, even if the certificate is the issue it shouldnt return either 520 or 521 but rather a 525.
As your site generally seems to be up (albeit with an invalid certificate) I’d say that is either an issue on Cloudflare’s side or - if not - Namecheap does have some rate-limiting in place and aborts Cloudflare connections. I am afraid that is something I cant debug either. Maybe @cs-cf or @cloonan can shed some light.
For me the site is still returning a 521 error / not online.
Only available when I use the link above to skip the HTTP Proxy (CDN)
Thats what I have been saying.
And you do have a valid certificate on your server at this point it seems.
Yes, that’s what I mean.
“Full” returns a valid certificate and gives me error 521, Flexible returns Invalid certificate.
It shouldnt return an invalid certificate. As long as you go via Cloudflare you will always get its certificate and that should be valid. I was referring to the certificate on your server.
Anyhow, my guess would be some rate-limiting on Namecheap’s side but thats just a guess.
Seems like Flexible still gives 521 but maybe that’s because it hasn’t yet updated / propagated. I think the Invalid Certificate was maybe because I deactivated the Proxy HTTP (CDN) so that I could connect to the site?
That is more likely. At this point the SSL mode should not matter much as you do seem to have a valid certificate and you could even switch to Full Strict.
It really seems to be something on the network level, but whether that is on Cloudflare’s or Namecheap’s side is something I cant tell at this point. My guess would be the latter, but thats a guess and no guarantee
Don’t think it’s namecheaps side because I can access the website when I deactive the HTTP Proxy (CDN)
Hence I mentioned rate-limiting three times so far if they block connections from Cloudflare you will experience exactly the issue you are experiencing.
I’ll second this. If there’s something at Namecheap’s side that’s more sensitive to how Cloudflare queries the server, they’ll start blocking requests. When that happens, there should be a log of the event at the host, but most host support departments don’t want to take the time to track these down. It’s cost prohibitive and easier to blame Cloudflare.
SSL no longer marked as invalid, however I can’t use the CDN without the error 521.
I am afraid there is not more to add.
Only Cloudflare and Namecheap can sort that out. I’d contact Namecheap and address a potential IP-based rate-limiting issue on their side and if they know anything about it.
@sumusiko, let us know if you are/are not able to identify rate limiting. If you contact Cloudflare Support, please share the ticket number.
ID: Request #1609257
I am currently not using the CDN and have been able to access the site properly, but I’m scared of activating the CDN and getting 520 error again
You should be ok if you’ve verified the ip white listing. Did you share the upstream header error with your host? Here are the ips - https://www.cloudflare.com/ips/