SSL handshake failed
Due to the 525 error, kindly, may I ask have you checked within the steps from below articles regarding this error showing up for your Website as it’s obviously you are having a situation where:
The origin host for your domain does not work over HTTPS
The SSL certificate is not being installed or is not a valid one for your domain
Wrong SSL option being selected in Cloudflare dashboard on SSL/TLS tab
Possible use of a port for your app on your domain which is not compatible and supported with Cloudflare while using
cloud (proxy mode) for that hostname (DNS record)
May I ask, before moving to Cloudflare, was your Website working over HTTPS and have you had an valid SSL certificate installed at your host/origin server for your Website?
Moreover, may I ask which SSL option have you got selected under
the SSL/TLS tab of Cloudflare dashboard for your domain? ( Flexible, Full, Full strict …)
Try the suggestions in this Community Tip to help you fix Error 525: SSL handshake failed.
Error 525 indicates that the SSL handshake between Cloudflare and the origin web server failed. This only occurs when the domain is using Cloudflare Full or Full (Strict) SSL mode. This is typically caused by a configuration issue in the origin web server, when this happens, you’ll see “Error 525: SSL handshake failed”.
Quick Fix Ideas
If you are a site visitor, report the problem t…
Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:
This tutorial covers getting SSL working with Cloudflare in various different scenarios.
This assumes you already have your website set up on Cloudflare with all your DNS records set to
, if not - please visit Step 1.
Do you want the website to use HTTPS?
YesDo you already have a valid SSL certificate installed on your server (i.e. does it already load over HTTPS with a )?
If your website already works over HTTPS, you can just set your SSL mode in Cloudflare to Full (strict)…
If any other issues appear, follow the needed steps for troubleshooting from article below:
This tutorial post covers the steps you should take if you have enabled Cloudflare, but HTTPS is not working on the site.
If your main domain is secure, but a subdomain is not, please see
SSL/TLS not working on subdomain.
1. Check that the DNS record is set to
In the DNS app in your Cloudflare dashboard, check that the DNS record for your domain is set to , not . If it is , Cloudflare is disabled on the site and none of the SSL settings will take effect.
Regarding available SSL options at Cloudflare dashboard, check here:
SSL/TLS Configuration Video:
This tutorial covers basic settings in the SSL/TLS app of the Cloudflare Dashboard, including SSL Mode [Off/Flexible/Full/Full (Strict)], Cloudflare Origin Certificates, ‘Always Use HTTPS’ and ‘Automatic HTTPS Rewrites’.
The settings covered here can all be found by visiting
Cloudflare.com, logging in, selecting the domain and choosing the SSL/TLS app.
The connection between your visitor and Cloudflare and Clou…
In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare CA Origin Certificate:
Last but not least, kindly have a look here for more information regarding correct SSL settings:
Unencrypted & unverified connections
Imagine you open Paypal and suddenly get that warning
Would you continue? Probably not. For decades leaders in IT security have advocated that people upgrade their sites from unencrypted HTTP to secure HTTPS. And for a reason, everything you send via an HTTP connection is sent in plain text and can be intercepted at any point between you and the server.
Equally, you’d probably not proceed if you got such a warning, right?
That’s when th…
Ports list compatible and supported when using
cloud (proxy mode) on Cloudflare can be found here:
Furthermore, kindly re-check if Cloudflare is allowed to connect to your origin host to as follows in the below article:
Nevertheless, Cloudflare IP addresses list can be found here: