Intermittent 525 error suddenly

ssl

#1

Hello,
Suddenly when accessing my site https://azfurs.com and other sites on my server using cloudflare with Full (Strict) ssl on, I will get a 525 cloudflare error page every once in a while. It sometimes happens more frequently than other times. I took the a record off of cloudflare and tested and had no error, cert is showing as valid and issued to azfurs.com.
The web server is CentOS 7 with Plesk. Nothing was changed or updated in the past 7 days. Error started happening today to the best of my knowledge. Error logs are not showing anything SSL related, just some 404’s for missing css files that I already know about.


#2

To add to this, I just got the error on this site, is this a problem for all of cloudflare?


#3

Never got the issue myself. Can you go to https://cloudflare.com/cdn-cgi/trace and post the colo= value in case it’s datacenter-specific?


#4

colo=PHX


#5

I have an open ticket with support since yesterday (hopefully they are investigating, and not just ignoring it), but I wanted to post here as well.

We started getting complaints from customers about intermittent Error 525 a few days back. Couldn’t reproduce it ourselves. No changes in our Nginx config, nor Cloudflare settings (SSL=Full) any time recently. Did a bunch of tests directly to our server from other servers (openssl s_client), and various online TLS tests, no issues whatsoever.

Finally, when we asked the customers to forward to us more details about the Error 525 they are getting, all of the reports so far (half a dozen different users) are all referencing “Cloudflare Location: Phoenix”.

Also, when I do HyperSpin HTTPS test, it sometimes catches the same Error 525 and also only from Phoenix, Arizona location. Just managed to get it to happen again:

Something is broken at PHX location?


#6

Got a reply from support saying that the issue is likely local to our server.

Well, I just managed to get the 525 error to happen when testing “community.cloudflare.com”:
http://www.hyperspin.com/en/quicktest.php?action=result&qtid=1414958&r=1126

Again, only the Phoenix, Arizona location showing the error.


#7

Exactly, I sent them a screen shot of it happening on their site too. I think it is the phoenix location only having this issue.


#8

Support is still telling me that Error 525 means something is wrong with the origin SSL certificate, but they promised to investigate further from their end. Ugh, frustrating. After you give them solid evidence that it happens to multiple unrelated websites, including their own (community.cloudflare.com). I hope support will escalate this issue to someone who can fix it.

I encourage anyone getting any user complaints about this “SSL handshake failed” error, or “TLS handshake failure”, or “525 Origin SSL Handshake Error”, to open a support ticket. It is likely affecting all CloudFlare customers. You just don’t know about it, because it only happens when routed through Cloudflare’s Phoenix location, and only intermittently. And if Cloudflare gets more reports, they are more likely to assign a higher priority to this issue.


#9

This topic was automatically closed after 14 days. New replies are no longer allowed.