Error 521 in Full SSL

Guys, I have error 521 with Full SSL encryption, when I turn into Flexible my website works, is there anything that i can do with the origin server?

Does your origin server support HTTPS connections?


For Full (non-strict), make sure your origin accepts HTTPS connections and has some form of SSL certificate (even if it’s self-signed or expired); obviously this is not particularly secure.

For Full (strict), if you have full control over your origin server you can either acquire a proper SSL certificate with Letsencrypt/Certbot (and make sure it’s set up for automatic renewal), or download a 10-year origin certificate from Cloudflare and put it on your server.

If your origin is a third-party host like Github Pages or Google Sites, you’re kind of at their mercy, they often refuse to issue/renew SSL certificates if your DNS entries are orange-clouded. You can grey-cloud temporarily and try to get them to issue your certificate (for example going into the repo settings in Github Pages tends to kick it off), then orange-cloud them again after the certificate is issued, but if you’re using Full (Strict) you’ll be back in the same boat a few months later when the certificate expires.

I’m gradually migrating most of my Github Pages sites to Cloudflare Pages for this reason.

Thank you for the answer! I own the origin server and I will try to get a certificate tonight

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.