Error 525: SSL handshake failed - Intermittent

Hi, this keeps happening and my host said this…

Hi Claire, this is a bit of a catch-22 situation really. SSL certificates are short issuance, which means they need renewing every few months. This happens automatically - but if you have pointed your domain elsewhere, i.e. to Cloudflare, your SSL certificate will not renew, because your domain cannot be resolved to our server.

So you do have an SSL certificate installed, but it is out of date. There is no way to force it because the certificate authority will check to see if it is valid when issuing the certificate - and of course, if your domain points elsewhere it will fail the validation.

So my only advice would be to switch back to our nameservers for your domain - then wait two hours for DNS propagation - then ask us to request the new certificate. Once this is installed you can switch back to Cloudflare.

You would need to do this every time your certificate expires.

I would recommend finding some way to make Cloudflare ignore certificate errors between itself and your website.

My question is, am I missing some setting in my dashboard? Because surely I shouldn’t need to do this every 3 months?

Your host has chosen DNS verification for certs rather than HTTP (.well-known directory) verification. Obviously, this won’t work if they don’t use a Cloudflare DNS hook option.

Your best option would be to install a Cloudflare origin certificate at your host:
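The host's message above describes a certificate that is installed on the origin but out of date. As an added example (not part of the original posts), this script reads the certificate the origin itself presents and flags it before it lapses; the function names, the 14-day window and the `ORIGIN_IP`/`SITE` arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: flag an origin certificate that is expired or close to expiry.
# ORIGIN_IP and SITE are placeholders (assumptions), not values from the thread.

# Fetch the certificate the origin server presents, bypassing the proxy:
# connect to the origin IP directly and send the site's hostname as SNI.
# usage: fetch_origin_cert ORIGIN_IP SITE > origin.pem
fetch_origin_cert() {
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Classify a PEM certificate: prints "expired", "expiring", "ok" or "unreadable".
# $1 = PEM file, $2 = warning window in days (default 14, an assumed value).
cert_status() {
  local pem=$1 days=${2:-14}
  # A file that does not parse must not be mistaken for an expired certificate.
  openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
  # -checkend N exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
    echo expired
  elif ! openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
    echo expiring
  else
    echo ok
  fi
}

# Constructed sample input: a throwaway self-signed certificate for trying the
# check offline. $1 = output PEM file, $2 = validity in days.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=example.test" -days "$2" -out "$1" 2>/dev/null
  rm -f "$1.key"
}
```

Run `cert_status` from cron against the output of `fetch_origin_cert` and alert on anything other than `ok`.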
