Error 525 SSL handshake failed for Let's Encrypt SSL Website - brainootropics.com

Website, Application, Performance Security
1

I’m having issues getting my website to accept https and the biggest frustration is that it initially worked like a charm until I did something that broke it.

So I’m hosting brainootropics.com on a centos 7 server and installed Let’s Encrypt’s certbot package. I have run certbot and I’ve set up a ssl certificate for my website without any issues so my brainootropics.com.conf file looks like this:

<Directory /websites/brainootropics.com/www>
        Require all granted
        AllowOverride None
</Directory>

<VirtualHost *:80>
        DocumentRoot /websites/brainootropics.com/www
        ServerName brainootropics.com
        ServerAdmin [email protected]
        ErrorLog "logs/brainootropics.com_error_log"
        CustomLog "logs/brainootropics.com_access_log" combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =brainootropics.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


#Listen 443

<VirtualHost *:443>
        DocumentRoot /websites/brainootropics.com/www
        ServerName brainootropics.com
#       SSLEngine on
        ServerAdmin [email protected]
        ErrorLog "logs/brainootropics.com_ssl_error_log"
        CustomLog "logs/brainootropics.com_ssl_access_log" combined
SSLCertificateFile /etc/letsencrypt/live/brainootropics.com-0003/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brainootropics.com-0003/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/brainootropics.com-0003/chain.pem
</VirtualHost>

Right now the SSL Cloudflare configuration tab looks like this:

screencapture-dash-cloudflare-440479f334444ed22c355c50e83b94e7-brainootropics-com-ssl-tls-2019-09-20-23_58_58
screencapture-dash-cloudflare-440479f334444ed22c355c50e83b94e7-brainootropics-com-ssl-tls-2019-09-20-23_58_581920×4066 294 KB

Where should I look for or what should I try in order to make this work? I’ve followed various tutorials and as far as | can tell this should already be working.

2

Your SSL/TLS page looks good, but a 525 is because something is really wrong with TLS on your server. I see you’ve set it to Full (not strict), so expiration and hostname shouldn’t be the problem.

If I had this problem, I would go to the Overview section of the Cloudflare Dashboard, and Pause Cloudflare on Site and make sure I could connect with HTTPS. Remember that it takes 5 minutes for the Pause to take effect.

1 Like
3

Right now the website is disabled from Cloudflare as you have suggested and has a valid Let’s Encrypt SSL certificate but as soon as I enable Cloudflare back again I get the same error. Please also note that I also did a fresh install for the whole webserver. Any other clues?

4

Was that 525 Error screen a Cloudflare-branded one?

Next step would be to re-enable Cloudflare, and open a Support ticket if you’re still getting the 525 screen.

5

I don’t remember if it was a cloudflare branded but as far as I can remember, it wasn’t. Either way, rigth now it’s not relevant anymore and I did a fresh install and managed to see the website up and running with Let’s Encrypt SSL enabled while it was disabled from cloudflare as you have suggested. Now I have enabled it and it’s finally working.

Also, I noticed in my fist Cloudflare SSL screenshot that I have disabled Universal SSL and this might have been the reason for the 535 error in the first place so if anyone is getting that please be aware.

I will also post my current Cloudflare SSL settings that finally work.

com
brainootropics.com.png1680×4210 287 KB

6

This topic was automatically closed after 30 days. New replies are no longer allowed.