Frequent 520 responses

dash-crypto
#1

I’ve read the knowledge base article and various posts around the web but I need a little further help debugging the issue please.

My suspicion is that it relates to a recently re-issued Lets Encrypt SSL certificate but all looks in order on the server. Should we be using those or just use CF’s Origin Certificate?

Until I bipassed CF this was one of the Ray IDs: 4d3d529038c53621 which was at 2019-05-08 17:58:34 UTC.

Thanks in advance,

Tim

#2

Hi @tim25, sorry about that 520 you’re hitting, but I doubt it’s certificate related. Generally, you should have one certificate, one secures the connection to cloudflare from your visitors and one on your origin that secures the connection between Cloudflare and your origin. Regarding the 520, that’s a big bucket of errors and is discussed in this tip, Community Tip - Fixing Error 520: Web server is returning an unknown error.

In addition to a new certificate, do you know of anything else that’s changed recently on your origin? And, can you verify that the site was running as expected prior to the certificate update?

#3

Thanks @cloonan but I’d already read through those which is why I was reaching out -just realised where the (semi) hidden contact us form is so have reached out there.

I’m not sure when the errors started and the SSL was just a suspicion as that changed around the same time. The origin server is using Lets Encrypt, would it be better to use Cloudflare’s origin certificate instead given that expires every 15 years?

Nothing else has been changed on the site for a good few months other than content frustratinly. There are other sites running on the server and they seem fine (although I’m not sure we’d know as we’ve got no error logs of this happening -it’s only because it was reported).

The site seems fine now it’s bipassing Cloudflare but is a little sluggish sometimes which we’ll look into, could that be the issue (still talking 1-3s rather than 30s)?

#4

Regarding certificate for the origin, I’d take the most cost-effective route (I have a bias towards free & cheap); if you have to pay for the origin and you’re only using to connect to cloudflare, go the route of a free self-signed. If that cert is free and in place on the origin, I’d leave as is.

Yes, the sluggishness you mention could be leading to the 520. Can you share your ticket number? I’d like to keep track of that to resolution.

1 Like
closed #5

This topic was automatically closed after 14 days. New replies are no longer allowed.