Error 522 after full SSL strict set up


#1

I just set up SSL for my site on nginx/Laravel but I keep getting Error 522. Does Cloudflare need time to recognize the SSL, to stop the error from appearing?


#2

522 basically means that CloudFlare cannot reach your server at all.

Can you access your webserver via its IP address on port 443, or when the A record is set to :grey:?

What kind of certificate is installed on the origin? If it is self-signed or invalid, due to expiration for example, change your SSL settings to “Full”.


#3

Yes, SSL is set to Full. I purchased SSL on Namecheap. It’s actually working but sometimes it shows error 522. I am now setting a page rule to always use HTTPS. Is this because the SSL I purchased is still new and takes some time to become stable in Cloudflare?


#4

Your domain root and www point to two different origins. www listens on 443 but the root does not.


#5

More accurately your root points to two origins… only one of those listens on port 443.


#6

I would have never thought about two origin IPs :confused:


#7

So I should set something like this in nginx.conf:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # "ssl on;" removed: the ssl parameter on listen already enables TLS,
    # and the directive is deprecated since nginx 1.15.0.
    ssl_certificate /etc/ssl/gigtrooper_com/cert_chain.crt;
    ssl_certificate_key /etc/ssl/gigtrooper_com/gigtrooper_com.key;
    ssl_prefer_server_ciphers on;

    server_name gigtrooper.com www.gigtrooper.com;
}

#8

I would just Are both the A records you have for gigtrooper.com correct? Or can you simply delete the ‘wrong’ one?


#9

[Image: A records]

I have the root and www pointing to the server IP address.

I have also whitelisted the Cloudflare IP addresses with the instructions given here


specifically these IP addresses:

iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.0" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.1" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.2" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.3" -j ACCEPT

then hit iptables-save

Still having the recurring issue.


#10

Yeah, but you have 2 IP addresses for the root. One points to the same place as www. The other doesn’t. I believe the one which doesn’t point to the same place as www is the one which isn’t listening on 443.


#11

Okay, I just deleted the other root pointing to another IP address, which must have been an old server that I forgot to delete. I will observe this for a day and let you know how it goes. Thank you so much for the help.


#12

I can confirm that @cscharff’s solution worked for me. Thanks a lot.


#13

This topic was automatically closed after 14 days. New replies are no longer allowed.
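
An added example, not part of any post in this thread: a Python script that applies the diagnosis above by connecting to each origin IP directly on port 443 with the hostname as SNI, so a stale A record whose server is not listening shows up as `no_listener`. The script name, function names and status labels are this example's own; pass it the hostname and every IP your A records list.

```python
"""Probe every origin IP behind one hostname on port 443 (added example)."""
import socket
import ssl
import sys


def probe_origin(ip, hostname, port=443, timeout=5.0):
    """Return (status, detail) for one origin, connecting by IP with SNI set."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        # Nothing accepted the TCP connection: the server cannot be reached.
        return "no_listener", str(exc)
    # Public trust store and hostname check, as for a purchased certificate.
    # Assumption: an origin using a private CA would need that CA loaded here.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except OSError as exc:  # handshake timeout, plain HTTP on 443, reset, ...
        return "tls_failed", str(exc)
    finally:
        sock.close()  # no-op once wrap_socket has taken over the descriptor


def audit(hostname, origin_ips, port=443, timeout=5.0):
    """Probe each A-record target; a single dead origin explains sporadic errors."""
    return {ip: probe_origin(ip, hostname, port, timeout) for ip in origin_ips}


def failing(results):
    """IPs whose probe did not complete a verified TLS handshake."""
    return [ip for ip, (status, _) in results.items() if status != "ok"]


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe_origins.py HOSTNAME ORIGIN_IP [ORIGIN_IP ...]")
    results = audit(sys.argv[1], sys.argv[2:])
    for ip, (status, detail) in results.items():
        print(f"{ip:<40} {status:<12} {detail}")
    sys.exit(1 if failing(results) else 0)
```

Run it from a machine that the origin firewall allows on port 443, otherwise every origin reports `no_listener`.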