I have a website and multiple subdomains. On each subdomain, except one, I use a CMS that generates its own SSL certificate using Let’s Encrypt. On the remaining subdomain I want to add my own certificate from Cloudflare. I generated a certificate and put it in my /var/www/my/ for now, just for testing. And in nginx I configured this block:

    # the enclosing server block and the closing braces were lost in the post
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        ssl_certificate /var/www/my/fullchain.cer;
        # the key file name is missing from the post; this must point at the private key file
        ssl_certificate_key /var/www/my/;
        root /var/www/my;

        index index.php index.html;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /var/www/my/$fastcgi_script_name;
        }

        # block access to .htaccess-style files
        location ~ /\.ht {
            deny all;
        }
    }

There seems to be a problem with my implementation, because now works, but for everything else I get this error from Cloudflare: Error 525: SSL handshake failed.

Any ideas what I’m doing wrong?

Thank you

Did you happen to turn the SSL mode to Full or Full (Strict)?

From what I see, you installed your SSL certificate on my.yourdomain.tld only, not on the other subdomains, therefore generating the error on the other subdomains.

Yes. I have SSL Full mode. How can I include it on the other subdomains? Should I edit every .conf file from all subdomains? Or can I set something from Cloudflare?

This might help you with the configuration:

For your information, Cloudflare has a page rule setting to change the SSL mode of a subdomain.

From your first answer I understand that you said that I have SSL on and not on the other subdomains. The other subdomains had SSL. My problem occurred when I generated the certificate from Cloudflare and made to get that certificate.

My configuration for seems pretty much like the one from Stack Overflow. I can’t edit the other configurations from the subdomains since they are generated by the CMS.

If I comment out my block for, the other subdomains work without a problem over SSL. So something is not OK with my configuration, or there is an incompatibility between certificates? I simply can’t find the problem with my config.

Probably the handshake error appears because one is signed by Cloudflare and the other one by Let’s Encrypt.
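To see exactly what Cloudflare sees in Full mode, here is an added diagnostic script that is not from anyone in this thread: it handshakes directly with the origin for each subdomain with SNI set, and reports which CA issued the certificate that answered and whether its SAN list covers the name. The origin address and host names on the command line are placeholders.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. A TLS handshake straight to the origin with SNI
# set per subdomain is what Cloudflare does in Full mode; a failure here surfaces as 525.
# True when the SAN list (as printed by openssl, "DNS:a, DNS:*.b") covers the host.
# A wildcard matches exactly one label (RFC 6125): *.example.com covers my.example.com only.
san_covers() {  # $1=SAN list, $2=hostname
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while IFS= read -r entry; do
        name=$(printf '%s' "$entry" | sed 's/^[[:space:]]*DNS://; s/[[:space:]]*$//' | tr 'A-Z' 'a-z')
        case $name in
            '*.'*)
                suffix=${name#\*}                          # ".example.com"
                case $host in
                    *"$suffix") label=${host%"$suffix"}     # what the '*' would stand for
                                case $label in ''|*.*) ;; *) return 0 ;; esac ;;
                esac ;;
            "$host") return 0 ;;
        esac
    done <<EOF
$(printf '%s\n' "$1" | tr ',' '\n')
EOF
    return 1
}
# Label the issuing CA from an "issuer=..." line so the two sources in the thread stand out.
classify_issuer() {  # $1=issuer line from `openssl x509 -issuer`
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        *cloudflare*)      echo "cloudflare-origin" ;;
        *"let's encrypt"*) echo "letsencrypt" ;;
        *)                 echo "other" ;;
    esac
}
# Handshake with the origin using SNI=$2 and report which certificate answered.
probe_origin() {  # $1=origin IP or hostname (placeholder), $2=subdomain to send as SNI
    pem=$(openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null \
          | sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p')
    if [ -z "$pem" ]; then
        echo "$2: HANDSHAKE FAILED (what Cloudflare reports as Error 525)"; return 1
    fi
    info=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -text)
    issuer=$(printf '%s\n' "$info" | sed -n 's/^issuer=//p')
    sans=$(printf '%s\n' "$info" | grep -o 'DNS:[^,]*' | tr '\n' ',' | sed 's/,$//')
    if san_covers "$sans" "$2"; then cov="covers"; else cov="DOES NOT cover"; fi
    echo "$2: $(classify_issuer "$issuer") cert, SAN [$sans] $cov $2"
}
# Usage: sh probe_origin.sh ORIGIN_IP my.example.com blog.example.com ...
if [ "$#" -ge 2 ]; then origin=$1; shift
    for h in "$@"; do probe_origin "$origin" "$h"; done; fi
```

Run it against the origin IP rather than the public name, so the probe bypasses Cloudflare's proxy the way Cloudflare's own origin connection does.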