Error 525 SSL handshake failed multiple sites

Recently all my sites they have hosted with one supplier are rending the Error 525 SSL message on first load of page. If you load the page again it then works though.
The sites have all be using Cloudflare for 2 years + and nothing has been changed on the actual sites ( ie HTML/CSS/Plugins ) etc for months. I don’t own the hosting so I can’t comment on these changes ( if any ) of the server.

Has anyone dealt with this issue before and how did they approach the hosting provider?

Suggestions to troubleshoot, if so:

Are they hosted on a cPanel which might be running some firewall like Imunify360 or using DDoS Guard services or some proxy like JavaPipe? :thinking:

Maybe the SSL expired for those domains and need to be renewed :thinking:

Before moving to Cloudflare, was your Website working over HTTPS connection?

You could determine this by:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
  4. Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / Certbot, etc. and renew it
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Can the SSL expire via Cloudflare? I thought it was a continual running function, I didn’t realise it could expire.

If Cloudflare’s SSL expires, you won’t get a 525. You’ll get the usual browser error about not being able to make a secure connection.

If your host’s SSL expires, that’s when you get the 525.

How can a hosts SSL expire? I set the SSL up without the hosts assistance all through the Cloudflare portal, nothing was changed on the server. The only changes I made were Nameserver amends, to point it at Cloudflare.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.