Google and Let's Encrypt SSL error

What is the name of the domain?

kharel.tel

What is the issue you’re encountering?

SSL handshake failed Error code 525

What steps have you taken to resolve the issue?

The main domain is getting SSL from Let’s Encrypt and the subdomain is getting it from Google. I tried all the Cloudflare wiki and community solutions.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Flexible

What are the steps to reproduce the issue?

SSL handshake failed Error code 525

I have tried setting “What is the current SSL/TLS setting?” to all modes (Full (Strict), Full, Flexible).

Is this normal?
Common Name (CN) domain.com
Organization (O)
Organizational Unit (OU)
Common Name (CN) E5
Organization (O) Let’s Encrypt
Organizational Unit (OU)
Issued On Thursday, January 2, 2025 at 6:53:49 PM
Expires On Wednesday, April 2, 2025 at 7:53:48 PM

Common Name (CN) Subdomain.com
Organization (O)
Organizational Unit (OU)
Common Name (CN) WE1
Organization (O) Google Trust Services
Organizational Unit (OU)
Issued On Thursday, January 2, 2025 at 2:51:56 PM
Expires On Wednesday, April 2, 2025 at 4:51:53 PM

Proxied (orange cloud) Cloudflare domain and DNS records are under the Universal SSL certificate, which uses different CAs for SSL; that is what you’re seeing when checking your (sub)domain with online tools.

Furthermore, since your hostname(s) are behind the orange cloud, possibly the origin SSL certificate isn’t able to renew due to the SSL settings in the Cloudflare dashboard.

Before moving to Cloudflare, was your Website working over HTTPS connection?

Steps for troubleshooting:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure the site is working as expected with HTTPS without any error.
  4. Check with your hosting provider / Plesk panel / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and manually click to renew it.
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s set to Full (Strict).
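The direct-to-origin check from the steps above, as an added example that is not part of the original thread: it handshakes with the origin IP using the site's hostname for SNI and separates a failed handshake (what a 525 reports) from a certificate that would not pass Full (Strict). The function names, `origin.example.test` and the local plain-HTTP listener are constructed for illustration.

```python
import socket
import ssl
import threading


def probe_origin(ip, hostname, port=443, timeout=5.0, cafile=None):
    """Handshake with the origin directly (not through the proxy) and classify it.

    SNI and verification use `hostname`; pass `cafile` when the origin uses a
    certificate from a CA that is not in the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain, expiry, hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                issuer = dict(rdn[0] for rdn in cert["issuer"])
                return {"status": "ok", "protocol": tls.version(),
                        "issuer": issuer.get("organizationName"),
                        "not_after": cert["notAfter"]}
    except ssl.SSLCertVerificationError as exc:
        # Handshake works but the certificate is expired, mismatched or untrusted:
        # the origin would not pass Full (Strict).
        return {"status": "cert_invalid", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        # No TLS session could be negotiated at all: the condition a 525 reports.
        return {"status": "handshake_failed", "detail": exc.reason or str(exc)}
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}


def plaintext_listener():
    """Constructed stand-in for a broken origin: answers plain HTTP on its TLS port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # origin.example.test is a placeholder; use the origin IP and real hostname.
    print(probe_origin("127.0.0.1", "origin.example.test", port=plaintext_listener()))
```

Run it against the origin server's own IP address, not the proxied hostname, so the result describes the origin rather than the Cloudflare edge certificate.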
