Error code 525, ssl handshake failed code

Hello,
I’ve been getting this error code today on and off on my tattoo site:
“error code 525, ssl handshake failed code”
My hosting support said I should contact you guys for a fix.
Can you please help?

May I ask what troubleshooting steps you have already tried from the article below related to your 525 error?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Before moving to Cloudflare, was your Website working over HTTPS connection?

Before doing anything at Cloudflare settings, you could determine if you have a valid SSL certificate installed at the origin host/server by your web hosting provider or your own VPS/dedicated server following the steps from below:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect.
  4. Check with your hosting provider / cPanel AutoSSL / ACME.sh / Certbot / Let’s Encrypt or some other and renew it accordingly.
  5. Make sure the site is working as expected without any errors via HTTPS.
  6. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Here is a way to re-check if you correctly set up the SSL for your domain with Cloudflare:

Question 1: May I ask what SSL option have you got selected under the [SSL/TLS tab] at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?
Answer: Full

Question 2: Before moving to Cloudflare, was your Website working over HTTPS connection?
Answer: yes

I also paused Cloudflare on site, and checked it on my host after 5 min. The ssl certificate provided from my host is active and the website loads with https, so I turned it on again afterwards on Cloudflare as well.

On a side note, the ssl errors seem to appear only once in a while and differ from person to person. For example it seems to be working on my laptop, but the person from hosting support said that on their end the website isn’t loading at all.

This is a known issue (well, at least, known by me). Although I was never able to pinpoint the root cause, I strongly believe it is because of some nasty upstreams Cloudflare employs in their PoPs. AS6663, for instance, inspects and filters outbound connections from Cloudflare’s servers to origins that are blacklisted by the Turkish government. They are dual-homed to Cogent in Istanbul, but still keep routing over this offending upstream (172.69.182.0/24 - bgp.tools).

Also see:

A workaround posted by me:

I basically read everything in your reply, but understood nothing.
Is there a fix for all of this?
Or we just leave it hanging?
Thanks

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
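An added example, not part of the thread and not Cloudflare's own tooling: a repeated TLS probe sent straight to the origin, which separates a failed handshake from a failed certificate check and shows whether the failures are intermittent, as described in the replies above. The origin IP and hostname are placeholders, and the function names are made up for this sketch.

```python
import socket
import ssl
import time

def probe(origin_ip, hostname, port=443, timeout=5.0):
    """One TLS handshake straight to the origin, bypassing the proxy.

    Sends SNI for `hostname` and verifies chain and name against the
    system trust store. Returns (ok, detail).
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                not_after = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
                days = int((not_after - time.time()) // 86400)
                return True, f"{tls.version()}, certificate expires in {days} days"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate: {exc.verify_message}"
    except ssl.SSLError as exc:
        return False, f"handshake: {exc.reason}"
    except OSError as exc:  # refused, timed out, unreachable
        return False, f"connect: {exc}"

def classify(results):
    """Reduce repeated probe results to stable / intermittent / failing."""
    failures = sum(1 for ok, _ in results if not ok)
    if failures == 0:
        return "stable"
    return "failing" if failures == len(results) else "intermittent"

def run(origin_ip, hostname, attempts=10, delay=1.0):
    """Probe the origin several times, print each result, return the verdict."""
    results = []
    for i in range(attempts):
        results.append(probe(origin_ip, hostname))
        ok, detail = results[-1]
        print(f"{i + 1:02d} {'ok  ' if ok else 'FAIL'} {detail}")
        time.sleep(delay)
    return classify(results)

if __name__ == "__main__":
    # Placeholders (assumed values): use your origin server's real IP and your domain.
    print(run("203.0.113.10", "example.com"))
```

An origin that presents a Cloudflare Origin CA certificate will show a `certificate:` failure here, because that CA is not in the system trust store; a `handshake:` or `connect:` failure is the kind that points at the origin's TLS setup or reachability.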