Frequent 520 ERROR

It occasionally shows 520 ERROR when we visit our website. But if the screen is refreshed once or twice, the website is working just fine… this can really mean very bad for my customers who visit my website… if there is any help we would really appreciate it. God bless us all !!

WEBSITE ADDRESS - https://jayantsteps.com/

I can reproduce the error basically everywhere

sitemeer.com/#https://jayantsteps.com/

Does your server IP address end in 51? If so you have a broken SSL setup on your server, which is most likely the reason for that error. I’d suggest you pause Cloudflare for now (Overview screen, bottom right), make sure your site loads fine on HTTPS and only once that works, unpause Cloudflare again.

Welcome to the club: Sometimes a CF 520 error

Hi Sandro!! Thanks for your time.
Our website IP address ends in 189 FYKI.
Does this mean bad?

Currently it does not return a 520 but a 525, which confirms the aforementioned SSL issue.

If you feel comfortable to share your IP address, please do so, I only have one ending in 51 here and it seems to show your site.

And yes, that server does not have a proper SSL setup. You might want to pause Cloudflare for now (Overview screen, bottom right) and make sure your site loads fine on HTTPS without Cloudflare and once that is working you can unpause Cloudflare.

For now you need to talk to your host and fix the SSL issue on your server.

@sandro Sincerely hoping to find a fix!!
Thanks loads for your help & support.

Yes, the address you just provided does not have a valid certificate either.

You need to get a valid certificate onto your server. https://developers.cloudflare.com/ssl/origin-configuration/origin-ca would be an option here as well.

@sandro Just a moment… Will check out and revert!!

@sandro Sincere apologies for asking this.
As I am not from a technical background, is there any tutorial available to do this (the right way)?

Your host needs to fix that and needs to configure your server properly and in a secure fashion. The Origin certificate link I posted is only one additional alternative and already explains the required steps but I’d really suggest to talk to your host as that’s their job and you are paying them for that.

Yeah true !! Actually I have opted for Cloudflare SSL (Free plan) and the SSL from my host provider is a PAID service and very costly too, which I can't afford as of the moment.
Anyways, will try to follow the procedure and hope this helps me in this regard…fingers crossed !!

Can you help me with this step? How to identify my current key format?

Choose the Key Format :

  • Servers using OpenSSL — like Apache and NGINX — generally expect PEM files (Base64-encoded ASCII), but also work with binary DER files.
  • Servers using Windows and Apache Tomcat require PKCS#7 (a .p7b file).

I am afraid that won’t work, you’ll always need a certificate on your server for a secure site.

Depends on the certificate you get, but the Origin certificate I mentioned earlier is PEM by default.


Does this mean anything NOW?

It means that you have a certificate for your naked domain. If you don’t need it for the “www” record you can now proceed and install it on your server just like any regular certificate (it actually is a regular certificate).

I want a www. But I don't know how!! And there was something like *.jayantsteps.com (wildcard) that I REVOKED and kept just jayantsteps.com as the only host

You probably shouldn’t have done that. I’d recommend to remove that certificate and create a new one without changing the hosts and save everything and install it on your server. Once that is done your server should respond fine and there shouldn’t be a 525 any more.


DONE!!

I would truly be grateful if you could guide me with two things

  1. to get a www
  2. How to install the certificate on my server

www is covered by the wildcard. As far as the installation is concerned, I believe the article addresses that as well, but further details are best discussed at e.g. StackExchange as that would not be a Cloudflare-specific topic any more.
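
The host-coverage point from the thread (a certificate listing only jayantsteps.com does not cover www, while the *.jayantsteps.com entry does), as an added example that is not part of the original thread or Cloudflare's code. The function names and the matching rule used (a wildcard counts only as the whole left-most label) are assumptions of this example; the two host lists are constructed from the hosts named in the thread.

```python
"""Added example: which hostnames does a certificate's host list cover?"""


def _labels(name):
    # Hostnames are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def pattern_matches(pattern, hostname):
    """Match one certificate host entry against one hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com covers www.example.com but
    neither example.com nor a.b.example.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        return False  # wildcard anywhere but the left-most label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "w*" are rejected
    return p == h


def coverage(cert_hosts, wanted):
    """Return {hostname: True/False} for each hostname a visitor may use."""
    return {
        name: any(pattern_matches(entry, name) for entry in cert_hosts)
        for name in wanted
    }


# Constructed host lists, using the names from the thread.
NAKED_ONLY = ["jayantsteps.com"]                     # wildcard entry removed
WITH_WILDCARD = ["*.jayantsteps.com", "jayantsteps.com"]
WANTED = ["jayantsteps.com", "www.jayantsteps.com"]

if __name__ == "__main__":
    for label, hosts in (("naked only", NAKED_ONLY), ("with wildcard", WITH_WILDCARD)):
        print(label, coverage(hosts, WANTED))
```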

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.