Getting error code 525

4041privacy · August 15, 2023, 3:21am

Getting error code 525. Have reviewed multiple articles and even purchased advanced cert from Digicert. Also, purged cache. Cannot figure out what I am doing wrong. Have Full (strict) enabled.

headinthecloud · August 16, 2023, 9:42am

Hi there @4041privacy ,

Thanks for contacting Cloudflare Community, sorry to read that you’re experiencing difficulties.
I’ve ran some tests and it seems you do not have a valid origin certificate.

Bear in mind I will not post the full results for privacy concerns, but this is what I’ve encountered while attempting to check your Origin certificate:

40972A406A7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:303:
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 326 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

curl -svo /dev/null https://yourwebsite.com/ --connect-to ::your_origin_IP 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

* Connecting to hostname: your_origin_IP
*   Trying your_origin_IP:443...
* TCP_NODELAY set
* Connected to your_origin_IP port 443 (#0)
* ALPN, offering h2
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to yourwebsite.com:443 
* Closing connection 0

As such, I strongly recommend that you change your change your encryption mode to Flexible, and afterwards implement an Origin CA certificate:

system · August 31, 2023, 9:43am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.