Help! Error 525 SSL handshake

I have a main domain: tradingcompare.com (hosted on Bluehost)
And 3 subdomains hosted on another nginx server.

Lately the 3 subdomain websites are dysfunctional: sometimes they work and sometimes they do not work, with the error: 525 SSL handshake failed.

When running the command: curl -svo /dev/null https://crypto.tradingcompare.com --connect-to ::165.227.130.199 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
I got the error:
* TCP_NODELAY set
* Connected to 165.227.130.199 (165.227.130.199) port 443 (#0)
* ALPN, offering h2
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* stopped the pause stream!
* Closing connection 0

Then I noticed I had set the main domain on Full mode but did not set the Origin Certificates on the nginx server. So I added the certificate and the key on the server and configured it.
Then I restarted the server.

But I am still getting the same error on those domains, and when I run the same command as above, I now get:
* TCP_NODELAY set
* Connected to 165.227.130.199 (165.227.130.199) port 443 (#0)
* ALPN, offering h2
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0

Please help!

Which SSL cert did you install on your origin web server?
Make sure you have a valid cert on your server!

I installed the certificate and key of the Cloudflare Origin CA.

Then that response doesn’t surprise me. I don’t expect Curl to recognize Cloudflare’s origin certificate.

But are you still getting the 525 error?
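
An added example (not from the thread and not Cloudflare's code) for reading the two curl traces in the question: it separates how far the TLS handshake got from what curl's own certificate check concluded. The function name, the verdict strings and the third sample are assumptions made for illustration; the first two samples are constructed from the lines quoted in the question.

```shell
#!/bin/sh
# Read `curl -sv` output on stdin and print "stage=<...> verify=<...>".
#   stage  : furthest point the TLS handshake reached, as seen from the client
#   verify : what curl's check against the local CA bundle concluded
# Function name and verdict strings are illustrative, not part of curl.
diagnose_curl_tls() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eq -- "$1"; }

    if   has '\(IN\), TLS handshake, Finished';     then stage=finished
    elif has '\(IN\), TLS handshake, Certificate';  then stage=certificate
    elif has '\(IN\), TLS handshake, Server hello'; then stage=server-hello
    elif has 'Connected to ';                       then stage=tcp-only
    else                                                 stage=no-connection
    fi

    if   has 'SSL certificate verify ok';              then verify=ok
    elif has 'certificate has expired';                then verify=expired
    elif has 'unable to get local issuer certificate'; then verify=untrusted-issuer
    elif has 'self[- ]signed certificate';             then verify=self-signed
    else                                                    verify=not-reached
    fi
    printf 'stage=%s verify=%s\n' "$stage" "$verify"
}

# Constructed samples: key lines of the two curl runs quoted in the question.
HANDSHAKE='* Connected to 165.227.130.199 (165.227.130.199) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):'
SAMPLE_BEFORE="$HANDSHAKE
* SSL certificate problem: certificate has expired"
SAMPLE_AFTER="$HANDSHAKE
* SSL certificate problem: unable to get local issuer certificate"
# Constructed sample (not from the thread): the server never answers the Client hello.
SAMPLE_NO_HELLO='* Connected to 203.0.113.10 (203.0.113.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 203.0.113.10:443'

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_NO_HELLO"; do
    printf '%s\n' "$sample" | diagnose_curl_tls
done
```

Both traces from the question reach the Certificate message, so in those runs the server answered the handshake and only curl's verification against the local CA bundle failed. The second verdict, an issuer missing from the local bundle, is what the reply above says to expect from curl for a Cloudflare Origin CA certificate.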
