Flexible encryption mode works fine, Full or Full (Strict) returns error 522

Hello! I’ve been having some trouble with my websites recently. I added a Cloudflare Origin Certificate to my self-hosted Apache web server, and for the most part it works just fine. My websites have valid certificates and run on https perfectly.

However, when I change the SSL/TLS encryption mode to Full or Full (Strict), Cloudflare returns a 522 error. I’m having issues fixing this, because all of the previous help material have issues connecting to their websites at all.

I was wondering if anyone might have an idea of what might be causing this. What changes are made between Flexible and Full that might cause the 522 error?

One (Full Strict) is secure, the other one is insecure and communicates via unencrypted HTTP.

A 522 is returned when the connection timed out, which suggests your server is not reachable on port 443.

For now I’d suggest to pause Cloudflare (Overview screen, bottom right) and make sure the site loads fine on HTTPS without Cloudflare and only then unpause (as you use an Origin certificate, you’ll get a certificate warning, but you can ignore this warning for once).

I paused Cloudflare, and loaded the site on https. It works normally, no issues. I didn’t get a certificate warning either, which is kinda strange.

If you have an Origin certificate you should get a warning.

What is your current encryption mode? Did you check if a firewall maybe blocks Cloudflare addresses?

Current encryption mode is Flexible. I’m not currently blocking any IPs on my router’s firewall. I did however try disabling my router’s firewall temporarily. Without a firewall it returned a 521 error. Not sure if this might give any indications.

It gave error 521 on Full encryption mode btw.

With a 522 you either have no HTTPS server listening or block Cloudflare’s addresses.

Can you pause Cloudflare for now?

I paused it

With a 522 you either have no HTTPS server listening

I do have an HTTPS server listening, as I force all requests to https, and the website loads fine as long as I’m not in Full encryption mode.

I am afraid it does not seem to work on HTTPS.

sitemeer.com/#https://www.ethanrobertson.dev

Strange, because I’m currently on the website on https.

Any idea as to why I might be able to view it despite it being down?
I’ve refreshed, tried different devices, and different browsers and they all work.

I’m also on a different network from my hosting computer, so it can’t be that.

You might be still going via the proxies. It might take some time for the propagation.

The underlying issue is that your server is either not configured for SSL or does not accept connections.

Okay. Do you happen to know about setting up virtual hosts in apache?

Just wondering if this information all checks out. The cert file and key are from Cloudflare.

I am afraid server administration would be a bit out of the scope of the forum here. StackExchange or Reddit will be better for that.

But it doesn’t seem to be a certificate issue, rather a general network issue.

Okay, thanks for the help!

it doesn’t seem to be a certificate issue, rather a general network issue

I just realised my mistake as I’m in bed about to fall asleep. I didn’t port forward port 443… Woops

That certainly explains a blocked port 🙂. Just make sure you set it to “Full Strict” now and you should be good to go.
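The check that would have surfaced the missing port forward, as an added example that is not part of the original thread: it probes the origin directly on ports 80 and 443 and maps the TCP outcome to the edge error discussed above. The function names and the 203.0.113.10 placeholder address are assumptions, and the 521 mapping (connection refused) comes from Cloudflare's error documentation rather than from the thread.

```python
import socket

# Status the Cloudflare edge typically shows for each TCP outcome on the port
# it uses to reach the origin (80 in Flexible, 443 in Full / Full (Strict)).
EDGE_STATUS = {"open": None, "refused": 521, "timeout": 522}


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST received: host is up, nothing listening on the port
    except (socket.timeout, TimeoutError):
        return "timeout"   # packets dropped: firewall, or no port forward on the router
    except OSError:
        return "error"     # e.g. no route to host, name resolution failure


def diagnose(states):
    """Explain a {port: state} result in terms of the Cloudflare encryption modes."""
    http, https = states.get(80), states.get(443)
    if https == "open":
        return "443 reachable: Full / Full (Strict) can connect to the origin"
    hint = "expect %s in Full / Full (Strict)" % EDGE_STATUS.get(https, "an edge error")
    if http == "open":
        return "80 reachable but 443 is %s: Flexible works, %s" % (https, hint)
    return "443 is %s: %s" % (https, hint)


def check_origin(origin_ip, ports=(80, 443), timeout=3.0):
    """Probe the origin directly (its own IP, not the proxied hostname)."""
    states = {p: probe(origin_ip, p, timeout) for p in ports}
    return states, diagnose(states)


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder; use the origin's public IP
    # and run this from a network outside the one that hosts the server.
    print(check_origin("203.0.113.10"))
```

Probing the proxied hostname instead of the origin IP only tests the Cloudflare edge, which is why the site still appeared to load over https in a browser.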
