Error 522 - packets

I submitted a ticket, but I don’t have any pro or enterprise account or whatever (which is stupid) so I have to send this here, here’s what I wrote:

I’ll start off by saying that I don’t have access to the account that has the domain Gaming-Hub.eu set-up.

Hello, for the past 2 days from 7:00 UTC+2 to maybe 11:00 I’ve been getting 522 status and today it’s almost the whole day, it’s only on 1 webserver though (217.11.249.85 Czech Republic, https://gaming-hub.eu/), websites hosted on my VPS (82.208.17.136 Czech Republic) are running fine (eg. https://demos.gaming-hub.eu/), I posted a ticket to the host and they told me they don’t see any problem on their side and told me to send you this:

Times are in UTC+2
09:30:49.044838 IP 141.101.96.16.42578 > 217.11.249.85.80: Flags [S], seq 3950906380, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:49.044851 IP 217.11.249.85.80 > 141.101.96.16.42578: Flags [S.], seq 2975647109, ack 3950906381, win 0, options [mss 1460], length 0
09:30:49.594316 IP 141.101.96.128.35138 > 217.11.249.85.80: Flags [S], seq 3736377527, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:49.594332 IP 217.11.249.85.80 > 141.101.96.128.35138: Flags [S.], seq 1154830161, ack 3736377528, win 0, options [mss 1460], length 0
09:30:50.095250 IP 141.101.96.16.42578 > 217.11.249.85.80: Flags [S], seq 3950906380, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:50.095265 IP 217.11.249.85.80 > 141.101.96.16.42578: Flags [S.], seq 2975647109, ack 3950906381, win 0, options [mss 1460], length 0
09:30:51.242117 IP 172.70.34.193.11474 > 217.11.249.85.80: Flags [S], seq 1779952009, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:51.242159 IP 217.11.249.85.80 > 172.70.34.193.11474: Flags [S.], seq 2002756828, ack 1779952010, win 0, options [mss 1460], length 0
09:30:52.143220 IP 141.101.96.16.42578 > 217.11.249.85.80: Flags [S], seq 3950906380, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:52.143234 IP 217.11.249.85.80 > 141.101.96.16.42578: Flags [S.], seq 3001257472, ack 3950906381, win 0, options [mss 1460], length 0
09:30:53.626324 IP 141.101.96.128.35138 > 217.11.249.85.80: Flags [S], seq 3736377527, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
09:30:53.626339 IP 217.11.249.85.80 > 141.101.96.128.35138: Flags [S.], seq 1166644269, ack 3736377528, win 0, options [mss 1460], length 0

so basically the SYN packet from CloudFlare is going through, then the SYN / ACK goes fine from the host to CloudFlare but then the ACK packet doesn’t come from CloudFlare.

I’ve been watching the CloudFlare Community and people were having the same issue
(522 errors - ukraine hosting provider AS200000)

Can you try this below to cloudflare.com or?:

Does this mean, when you set DNS record to :grey: or temporarly actiavate Pause Cloudflare on this website, the Website loads up fine?

May I ask have you allowed Cloudflare IPs to connect to your VPS via yuur Firewall interface (if the hosting provider has it) or in your iptables (do not forget to run iptables-save at the end) or any other firewall like UFW, CSF?

Cloudflare IP address list can be found here:

Otherwise, you could temporarly, if so, try to move your Website away from the current hosting provider to some other like DigitalOcean. Therefore, maybe you won’t have the same error 522 anymore.

I didn’t have to allow anything on the VPS, I just put the DNS records there (and activated SSL in the CloudFlare panel) and it worked, everything has been working fine for like year and a half and now the webserver (which is sadly our main website source) isn’t working :frowning: Yeah I am thinking about moving it somewhere (the VPS works fine), but this problem should be resolved somehow because the whole webserver seems to be not working, I know this domain (https://paradoxgaming.eu) has a website on the same webserver and they’re facing the same problem.

Interesting.

May I ask have you contacted the support of your hosting provider? What did they, if so, told you about any outages or some incidents?

For the SSL, may I ask what kind of SSL option have you got selected under SSL/TLS tab on Cloudflare dashboard for your domain? (Flexible, Full, Full Strict)

As far as I have got this returned for gaming-hub.eu:

  1. Wrong domain in SSL certificate
  2. Expiried SSL certificate

Due to SSL, kindly here is a proper way to re-check if you correctly setup the SSL for your domain with Cloudflare:

If any other issues appear, follow the needed steps for troubleshooting from article below:

Regarding available SSL options at Cloudflare dashboard, check here:

In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare CA Origin Certificate:

Last but not least, kindly have a look here for more information regarding correct SSL settings:

1 Like

Yes, I have contacted them, I wrote that in my first post. Now I tried to set Proxy status to DNS only and I’m no longer having the 522 error… But it doesn’t point to my website, it points just to the IP (which results in showing me the “default” page of my hosting provider)

For the SSL option I have selected Flexible.

May I suggest looking into below article for more information why this option is not recommended:

1 Like

Unfortunately I’m worried I can’t install a SSL certificate, since I have access only to FTP, I can’t SSH to it (don’t know if I can do it without that) but still, why doesn’t it work now? as I said… it worked for a year and a half and me (and my host provider) isn’t the only one, that is facing this issue.

Also, I selected the flexible to “leave the impression to be secure”, since I don’t think I can do anything more and I don’t really care I guess since any attacks would go to the hosting provider and he would have to deal with that.

I am afraid in that case you’ll never be able to have a secure site, as @fritex already pointed out.

I would rather not comment on that. No offence, but you are deliberately deceiving your visitors.

1 Like

To be 100 % honest with you I don’t know what it means for the visitors that he website will be more secure, I don’t have any personal information or login system etc. on the website, so… I might google that later.

Look at the site now though… it just started working… https://gaming-hub.eu and https://paradoxgaming.eu and I did nothing… but it will probably stop working again in few hours…

If you do not require SSL, it is fairly easy and you set the encryption mode to Off.

1 Like

yeah as I said… 15 minutes and it’s not working again… (and 2 minutes later it’s working again, what…)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.