Error 525 and 1&1 SSL / Not Secure

First I am not a web guy. I have been hosted with 1&1 for years. My 1&1 has a SSL Certificate but my 1&1 DNS points to Cloudflare.

I always get a Unsecure on most browsers but Google Chrome has a Error 525 SSL handshake failed. How can this be fixed so I can stop losing site visitors. I tried to trouble shoot this last year but then covid hit and my business was non existent. Now its picking up and a client told me he almost avoided my website because of the SSL issue.

Thank you in advanced.

Kyle

  1. I get a Not Secure because you don’t have “Always Use HTTPS” enabled in SSL/TLS → Edge Certificates. (automatic HTTPS rewrites is also handy)
  2. I also get a 525 in Brave (Chrome) and Firefox. A 525 quite clearly means the server it’s pointed to doesn’t have valid SSL.

I suggest you use the “Pause Cloudflare on Site” option from the Overview tab at dash.cloudflare.com. The link is in the lower right corner of that page. Give it five minutes to take effect, then make sure site is working as expected with HTTPS. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

1 Like

Thanks - I just changed that “always use HTTPS” and then changed it to Flexible instead of full. I use MS Edge and Chrome. Dont have Firefox installed on this PC.

I think I fixed the issue. It was nice to have a client tell me I should get it fixed.

2 Likes

They told you to use Flexible mode? That’s terrible advice and doesn’t make it Secure like you wanted it to be.

1 Like

It would not appear to have that, assuming your server IP address ends in 37.

As @sdayman already wrote, your site is currently insecure and does not have encryption.

I cant get it to work with strict. only flexible.

So you’re no longer concerned about your site being “Not Secure”?

1 Like

Would you like to offer suggestions on how I can fix this with 1&1 servers?

Only 1&1 would have that solution. Cloudflare can provide an origin cert that will work in Full (Strict) mode, but if 1&1 isn’t accommodating, you’d have to find a host that supports secure servers.

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.