IIS 6.0 and Cloudflare 525 Errors

Hi, I am going crazy trying to resolve 525 errors - initially they were intermittent, but now permanent.
I have replaced the cloudflare origin SSL certs today with no change in outcome.
I have checked the SNI settings, ciphers etc with no luck. The site used to work just fine before i put it behind Cloudflare, when I had a normal SSL certificate from a normall SSL provider.
My server is Windows Server 2003 with IIS 6.0. Could this be the problem and is there a workaround?


2003 and IIS 6 is not exactly the most recent setup and I could easily imagine cipher or SSL version issues.

But the main question is, does the site work fine on HTTPS when Cloudflare is paused?

1 Like

IIS 6 actually does not support SNI, though that’s not necessarily the issue, assuming it’s the default host.

Still, legacy setup and does it work with Cloudflare paused?

Overall, I’d really recommend to move to a newer and supported version.

1 Like

Sandro thanks for replying.
SNI does seem to be working, as I have two websites on the server and can connect to each one from a browser.
I would love to upgrade, it’s just not possible right now.


Sandro - no it does not work when Cloudflare is paused!
What does that indicate?

That’s usually a key indication that the site isn’t properly configured on the server.

Can’t you put that back?

What error are you seeing while paused?

Then you have got your answer and we dont even need to continue here. Your site needs to be working fine on HTTPS before you add it to Cloudflare.

Make sure it does and only then consider Cloudflare.

And again, upgrade to a current system. Your current setup is not not only supported any more but probably also why you can’t get SSL to work.

1 Like

OK thanks I will try that.

That is likely to fix the issue. Still, first make sure the site loads fine on SSL without Cloudflare. Once that works it should also work with Cloudflare.

Hi. I reset everything and pointed the domain back to the original name servers and paused Cloudflare. I got a SSL cert from another provider and installed it. It fails in modern browsers because IIS 6.0 only supports TLS1.0/1.1. So I removed the certs and got the site working without SSL altogether.

Then I pointed the domain back to Cloudflares name servers, with SSL set to “Flexible”. The site now works. However when I then install the Origin cert on my server and the SSL on Cloudflare set to “Full” or “Strict” the 525 errors reappear. My assumption is now that Cloudflare certificates won’t allow a Full or Strict style connection when the webserver is on Windows Server 2003. Do you think this is correct?

Absolutely not. You have now made your site insecure.

As I said earlier.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.