Error 525 SSL handshake failed on my website

Hello,

Yesterday, suddenly, while accessing my domain, the page showed error 525. I followed a few instructions, such as:

Changed the SSL from Flexible to Full then back again.
Changed the SSL cipher on my server from TLSv1.2 to TLSv1.3 and vice versa.
Updated the SSL certificate on my server.

But the domain always showed error 525. But when the CF proxy was off, the domain was live with the SSL version.

I hope someone here would do me a bit of a favor by helping me solve this issue.

I’d recommend to pause Cloudflare (bottom right), check if the site loads fine on HTTPS and talk to the host, if it does not. Once it loads fine on HTTPS, you can unpause Cloudflare.


How do I pause Cloudflare? By setting the proxy to DNS only, isn’t it? If yes, the answer is the site loads fine on HTTPS without Cloudflare.

After the site loads fine on HTTPS and I unpause Cloudflare, the website shows Error 525 again.

Right, can you pause the site?

Yup, I can pause it. The next step is to purge everything. Then the website is live.

All right, yes, your server is configured for SSL. The 525 would then suggest your server is blocking or limiting Cloudflare IP addresses. Make sure none of the addresses at cloudflare.com/ips are blocked by your server.

Also, set Full Strict, as Full is still insecure.

Cloudflare IP addresses have been added since last year. I tried to set the SSL/TLS to be Flexible, Full, and Full (strict), but none of them work.

It should only be Full Strict. If you select anything else it will be insecure.

But as I said, the issue here will be that your server limits Cloudflare addresses. Check out Community Tip - Fixing Error 525: SSL handshake failed, in particular 5, 6, and 7.

I had tried setting SSL/TLS to Full Strict as you mentioned.

Community Tip - Fixing Error 525: SSL handshake failed point 5,
SSL Cipher Suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

I have also set SSL/TLS Protocols to TLSv1.2.

Points 6 & 7 there have no issue in this state.

They absolutely do, because that will be the precise reason for the error. Something on your server stops SSL connections from Cloudflare. I am afraid that’s something for your system administrator to figure out, as that is a local issue and not Cloudflare related. The mentioned logging may help you, of course.
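
Added example, not part of the original thread: one way to carry out the check suggested in the replies above, that no server-side rule blocks the addresses listed at cloudflare.com/ips. The rule lines and function names are constructed for illustration, and the Cloudflare ranges are a sample subset (an assumption) to be replaced with the current published list.

```python
import ipaddress
import re

# Sample subset of Cloudflare ranges (assumption: replace with the current
# list published at cloudflare.com/ips before relying on the result).
CLOUDFLARE_RANGES = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
                     "172.64.0.0/13", "2400:cb00::/32"]

# Constructed sample rules: nginx "deny" lines and iptables DROP/REJECT rules.
SAMPLE_RULES = """\
deny 172.68.10.25;
deny 203.0.113.0/24;
-A INPUT -s 104.16.0.0/12 -j DROP
-A INPUT -s 198.51.100.7/32 -j REJECT
-A INPUT -s 173.245.48.0/20 -j ACCEPT
deny 2400:cb00:2048::/48;
"""

NGINX_DENY = re.compile(r"^\s*deny\s+([0-9a-fA-F:./]+)\s*;")
IPTABLES_BLOCK = re.compile(r"-s\s+([0-9a-fA-F:./]+).*-j\s+(?:DROP|REJECT)\b")

def blocked_networks(rules_text):
    """Yield (line, network) for every rule that denies a source address."""
    for line in rules_text.splitlines():
        m = NGINX_DENY.search(line) or IPTABLES_BLOCK.search(line)
        if not m:
            continue  # not a blocking rule (e.g. an ACCEPT rule)
        try:
            yield line.strip(), ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            continue  # token was not a valid IP address or CIDR

def rules_blocking_cloudflare(rules_text, cf_ranges=CLOUDFLARE_RANGES):
    """Return [(rule line, Cloudflare range)] where a deny rule overlaps a range."""
    cf_nets = [ipaddress.ip_network(r) for r in cf_ranges]
    hits = []
    for line, net in blocked_networks(rules_text):
        for cf in cf_nets:
            # compare only within the same address family (IPv4 vs IPv6)
            if net.version == cf.version and net.overlaps(cf):
                hits.append((line, str(cf)))
    return hits

if __name__ == "__main__":
    for line, cf in rules_blocking_cloudflare(SAMPLE_RULES):
        print(f"{line!r} blocks traffic from Cloudflare range {cf}")
```

Any rule it reports would drop connections from Cloudflare's edge before the TLS handshake completes, which matches the 525 seen only while the proxy is on.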
