Impossible to migrate Flexible SSL to Full (Strict): Error 525

I using Cloudflare with Flexible SSL mode, and I want to switch to Full mode.
When I try to do it, I got an Error 525 on all my domain.

This is my nginx configuration:

server {

   listen  80;
   listen  443;

   if ($http_x_forwarded_proto = "http") {
      return 301 https://$server_name$request_uri;

   ssl  on;
   ssl_certificate /etc/nginx/Cloudflare_cert/fullchain.pem;
   ssl_certificate_key /etc/nginx/Cloudflare_cert/privkey.pem;

   include /etc/nginx/conf.d/Cloudflare;

   root   /var/www/mywebsite;
   index  index.php;

   location / {
      # main codeigniter rewrite rule
      try_files $uri $uri/ /index.php?/$request_uri;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forward-Proto http;
      proxy_set_header X-Nginx-Proxy true;


   # php parsing
   location ~ \.php$ {
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

   error_log  /var/log/nginx/exemple_error.log;
   access_log  /var/log/nginx/exemple_access.log;


server {
   listen  80;
   listen  443;
   return 301$request_uri;

The Cloudflare include contain the set_real_ip_from; for all Cloudflare IP, update every week.
I’m using the certificate generate by Cloudflare as explain here.

I tried with Full mode and Full (strict), but always the same problem. No problem in flexible mode.
Each time I try a change of SSL, I wait about 15min to be sure the change is correctly apply in DNS. Should I wait longer ? In Crypto page, Cloudflare display: “Status Active Certificate”.
Did I miss something ?

I’m not an NGINX conf expert, but my listen 443 directive looks like:
listen 443 ssl http2;

Maybe the “ssl on;” line you have does the same thing.

Otherwise…did you restart NGINX?

Yes it’s the same thing …
In fact to be sure use the right syntax for Cloudflare, I followed this simple tutorial:

Of course I restarted nginx ^^

Since nobody is jumping in (yet), I’ll take a few more shots. No, you shouldn’t have to wait any time at all when switching SSL modes.

If you :grey: the site and visit it via HTTPS, is there any indication there’s a certificate? Like a self-signed warning?

Yes I guess, but I can’t check now, I have to do it early in morning cause my website is in production.