Getting 502s and SSL certificate issues from Cloudflare for the past week

What is the name of the domain?

What is the error number?

502

What is the error message?

502 Bad Gateway - cloudflare

What is the issue you’re encountering?

Randomly getting 502s and SSL certificate errors

What feature, service or problem is this related to?

DNS records

Sorry for not providing more info in the original post, but I kept getting this error when submitting my issue: “Sorry, new users can only put 4 links in a post.” So I ended up making dozens of attempts at posting and this is the one that did it.

Here is a more detailed explanation:

We have a web app hosted on Heroku, assigned as proxied CNAMEs on our Cloudflare DNS zones, that is randomly giving us “SSL Certificate Errors” on HTTP calls for the past 6 days, or 502 Bad Gateway errors.

We have contacted Heroku support, here is their response:

“I have thoroughly reviewed this and found no issues on the platform. The certificate appears to be in order. Could you please check with the domain provider to see if there are any ongoing issues?”

Given this answer, and the fact that “502 Bad Gateway” specifically signed as “cloudflare” is documented online to be an internal error from Cloudflare proxies, we contacted Cloudflare, marking our support ticket as a “registrar issue”. Here is their response:

“It appears that you may have accidentally picked the wrong category for this issue since you chose a Billing/Registrar case, but your account is a Free account. While we only offer direct support to customers who have a Pro, Business, or Enterprise account, we do offer resources for everyone.”

Since it is pretty clear that this issue is no longer actionable on our side, we are at a loss for solutions.

We are still completely out of solutions here. Where should we ask for support?

Thank you for writing and for the feedback.

If Cloudflare is temporarily paused, does your backend work as expected over HTTPS and using a valid SSL certificate installed on the origin host?

  • Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
  • The link is in the lower right corner of that page.

Is the backend configured to listen on both 80 and 443 on the origin host?

Are those CNAMEs proxied :orange: as well?

May I ask which SSL option you have selected under the SSL/TLS tab in the Cloudflare dashboard for your domain (Flexible, Full, Full Strict …)? :thinking:

One of our websites (WordPress) started getting the same issue (it used to work fine). We tried temporarily pausing for that domain and everything worked as expected, but the issue returned when we stopped pausing. All of the domain’s CNAMEs are proxied and SSL/TLS is set to Full Strict. In addition, we tried Firefox and got the message shown in the screenshot, while Edge and Chrome loaded super slowly and then the issue occurred.

In the meantime, everything seems to be working fine from the backend (wp-admin), like editing pages/posts/settings, etc.

We tried changing to another page as the homepage and the issue no longer occurs. We’ll monitor and report back here if there is any difference.

Thank you for your help! Here is all the info I could gather.

I tried pausing Cloudflare and could not reproduce any of the errors (“SSL Certificate error” or “Bad Gateway”) when Cloudflare was paused. Doesn’t mean it’s fixed, as the error appears very randomly.

I could not give you a definite answer on whether our app is configured to listen on both 80 and 443 on the origin host, but all I can tell you is that as user @muonnoi seems to claim as well, we haven’t changed anything related to listening ports or anything major related to HTTP access in the past 5 years, and the error only started to appear in the last 2 weeks.

Yes, the CNAME rules are proxied, they have the little orange cloud. This is what I meant by “proxied CNAMEs” :sweat_smile:

Current encryption mode: Full (strict)