Error 525: SSL handshake failed

ssl

#1

I have a website and multiple subdomains. On each subdomain, except one, I use a CMS that generates its own SSL certificate using Let’s Encrypt. On the remaining subdomain I want to add my own certificate from Cloudflare. I generated a certificate and put it in /var/www/my/ for now, just for testing. And in nginx I configured this block:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /var/www/my/fullchain.cer;
    ssl_certificate_key /var/www/my/my.domain.com.key;
    root /var/www/my;

    index index.php index.html;

    server_name my.domain.com;
    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/my/$fastcgi_script_name;
    }

    location ~ /\.ht {
        deny all;
    }
}

There seems to be a problem with my implementation, because now my.domain.com works, but for everything else I get this error from Cloudflare: Error 525: SSL handshake failed.

Any ideas what I’m doing wrong?

Thank you


#2

Did you happen to turn the SSL mode to Full or Full (Strict)?

From what I see, you installed your SSL on my.yourdomain.tld only, not on the other subdomains, therefore generating the error on the other subdomains.


#3

Yes. I have SSL Full mode. How can I include it on the other subdomains? Should I edit every .conf file for all subdomains? Or can I set something from Cloudflare?


#4

This might help you with the configuration:

For your information, Cloudflare has a Page Rules setting to change the SSL mode of a subdomain.


#5

From your first answer I understand that you said that I have SSL on my.domain.com and not on the other subdomains. The other subdomains had SSL. My problem occurred when I generated the certificate from Cloudflare and made my.domain.com use that certificate.

My configuration for my.domain.com looks pretty much like the one from Stack Overflow. I can’t edit the other configurations for the subdomains since they are generated by the CMS.

If I comment out my block for my.domain.com, the other subdomains work without a problem over SSL. So something is not OK with my configuration, or is there an incompatibility between the certificates? I simply can’t find the problem with my config.


#6

Probably the handshake error appears because one is signed by Cloudflare and the other one by Let’s Encrypt.
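To see which certificate the origin actually hands out for each subdomain, here is an added Go diagnostic (not code from this thread): it connects to the origin's IP with each hostname as the SNI name, prints the issuer and DNS SANs of the leaf certificate nginx picks, and reports whether that certificate covers the name. The origin address and the hostnames on the command line are placeholders you supply; it assumes nothing about the CMS configs.

```go
package main
import (
	"crypto/tls"
	"fmt"
	"net"
	"os"
	"strings"
	"time"
)
// certCovers reports whether a DNS SAN list covers hostname. A leftmost "*." matches
// exactly one label: "*.domain.com" covers my.domain.com but not a.b.domain.com.
func certCovers(hostname string, sans []string) bool {
	host := strings.ToLower(strings.TrimSuffix(hostname, "."))
	for _, san := range sans {
		san = strings.ToLower(san)
		if san == host {
			return true
		}
		label := strings.TrimSuffix(host, strings.TrimPrefix(san, "*")) // "my" for "*.domain.com"
		if strings.HasPrefix(san, "*.") && label != host && label != "" && !strings.Contains(label, ".") {
			return true
		}
	}
	return false
}
// probe handshakes with origin ("ip:port") using sni as the SNI name and returns the leaf
// certificate's issuer and DNS SANs. Verification is skipped on purpose: a Cloudflare Origin
// CA certificate is not publicly trusted, and we only want to see which certificate nginx picks.
func probe(origin, sni string) (issuer string, sans []string, err error) {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", origin,
		&tls.Config{ServerName: sni, InsecureSkipVerify: true})
	if err != nil {
		return "", nil, err
	}
	defer conn.Close()
	leaf := conn.ConnectionState().PeerCertificates[0]
	return leaf.Issuer.String(), leaf.DNSNames, nil
}
func main() { // usage: go run . ORIGIN_IP:443 my.domain.com blog.domain.com ...
	if len(os.Args) < 3 {
		fmt.Fprintln(os.Stderr, "usage: sniprobe ORIGIN_IP:PORT HOSTNAME...")
		os.Exit(2)
	}
	for _, h := range os.Args[2:] {
		if issuer, sans, err := probe(os.Args[1], h); err != nil {
			fmt.Printf("%-28s handshake FAILED: %v\n", h, err)
		} else {
			fmt.Printf("%-28s covers=%-5v issuer=%q sans=%v\n", h, certCovers(h, sans), issuer, sans)
		}
	}
}
```

A hostname that comes back with the Cloudflare-issued certificate and covers=false, or with a failed handshake, shows which server block nginx is choosing for that SNI name: when no server_name matches, nginx falls back to the default server for that listen socket, so a block that listens on an address family or port the CMS blocks do not can silently become that default.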