Error 522 after full SSL strict set up

I just set SSL to my site on nginx laravel but i keep getting Error 522. Does Cloudflare need to time to recognize the SSL? to stop the error from appearing?

522 basically means that Cloudflare cannot reach your server at all.

Can you access you webserver via it’s ip address on port 443, or when the A record is set to :grey:?

What kind of certificate is installed on the origin? If it is self signed or invalid due to expiration for example, change your SSL settings to “Full”.

Yes, SSL is set to Full. I purchased SSL on namecheap. It’s actually working but sometimes it goes error 522. I am setting it now on page rule to always use https. Is this because the SSL i purchased is still new and takes some time to make it stable in Cloudflare?

Your domain root and www point to two different origins. www listens on 443 but the root does not.

More accurately your root points to two origins… only one of those listens on port 443.

1 Like

I would have never thought about two origin IPs :confused:

So i should set something like this on nginx.conf

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        	
        	ssl on;
        	ssl_certificate /etc/ssl/gigtrooper_com/cert_chain.crt;
        	ssl_certificate_key /etc/ssl/gigtrooper_com/gigtrooper_com.key;
        	ssl_prefer_server_ciphers on;

            server_name gigtrooper.com www.gigtrooper.com;
    }

I would just Are both the A records you have for gigtrooper.com correct? Or can you simply delete the ‘wrong’ one?

a%20records

I have the root and www pointing to the server ip address.

I also done allowlist Cloudflare ip address with the instruction given here
https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-Cloudflare-s-IP-addresses-in-iptables-
specifically these ip addresses

iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.0" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.1" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.2" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports http,https -s "103.21.244.3" -j ACCEPT

then hit iptables-save

Still having recurring issue

Yeah, but you have 2 IP addresses for the root. One points to the same place as www. The other doesn’t. I believe the one which doesn’t point to the same place as www is the one which isn’t listening on 443.

Okay just deleted the other root pointing to another ip address that must have been an old server and forgot to delete it. I will observe this for a day and let you know how it goes. Thank you so much for the help.

2 Likes

I can confirm that @cs-cf solution worked for me. Thanks a lot

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.