Error 521 when web server is fully responsive

I’ve just set up my domain to go through cloudflare dns, and while it worked for a short while after getting it up and running, I’m now getting 521 errors every time I try to access the server via my domain.

I have an A record linking from my domain to my webserver IP, a CNAME record linking www to the domain, and I’ve ensured that port 443 is open on my server (https://[webserver ip] works fine).

Anyone have a potential solution to this? I’m happy to provide other details where I can.

What was the last thing you have changed?

Could you provide us with your domain, so we can check it ourselves?
Also, a screenshot (IPs can be anonymized) of your DNS section would be good.

1 Like

It could just be rate limiting since now all your traffic is funneled through a small set of Cloudflare IP addresses.

1 Like

at this point I’ve changed a couple things in troubleshooting so it’s a little hard to recall exactly where the problem occurred, but my very last changes were simply removing the affected dns records and putting them back.

attached is my dns records, some parts anonymized of course.

the only other records are an SRV for a minecraft server, and necessary records for a mail server (which worked/still work fine after the move)

I haven’t been rate limited when using the server’s ip to connect, so I kind of doubt that. I’m hosting on an ubuntu server box and I’ve already gone through every recommendation I could find to whitelist cloudflare’s ips- using ufw allow, iptables, etc.

have you tried:
[webserver ip]:443 or just [webserver ip]?
Seems like your webserver is not listening on port 443.

To know what port you have to check we must know which SSL Mode you are in:

  • Flexible
  • Full
  • Full (Strict)

I’ve tried https://[webserver ip]:443 and https://[webserver ip], both work fine, so I can guarantee the webserver is listening correctly.

I’m currently using Flexible SSL Mode.

Thats a problem in multiple ways:

  1. its not safe and secure
  2. it makes the request go like this:
    CLIENT =(:443)=> CLOUFLARE =(:80)=> SERVER

That means, your request will be redirected to port 80 at your origin server.

Thats both the same, as the sheme is HTTPS and therefore port :443 is default. But with Flexible SSL Cloudflare will send the request to port 80 not 443

Please try this:

https://[webserver ip] or just http://[webserver ip] (notice the last if HTTP not HTTPS)
Ports here are optional
HTTP = :80
HTTPS = :443

Please make sure:

  1. you have a valid SSL Cert on your server installed for your domains (, *
  2. put your SSL Mode into “Full (Strict)”

then try again

I know that my server doesn’t listen on port :80- it’s a node.js server that’s only set to listen on 443. Connecting to http://[webserver ip] will time out, but surprisingly [webserver ip]:80 redirects to the https URL (I’m guessing this is to do with caching)

my SSL cert is definitely valid (renewed yesterday) and my browser has no complaints when accessed via the domain URL.

I had set SSL Mode to Full (Strict) and saw no change, but after writing all of this and refreshing, the page seems to be working again!

my best guess is that this pathway was the source of the problem. thank you very much for the help!

I can also see it working now.
One more thing:

Your site is reachable through both domains:


Please set up one of your free PageRules to redirect traffic from one to the other domain to not have duplicate content.

set up, and seems to be redirecting just fine.

thank you very much again for your help, I really appreciate it! :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.