May I ask what SSL option you have selected under the SSL/TLS tab at the Cloudflare dashboard for your domain (Flexible, Full, Full Strict …)?
How about your SSL certificate at the origin host? Was the origin SSL certificate renewed and is it valid?
Please double-check your SSL certificate at the origin host and adjust the SSL/TLS option at Cloudflare dashboard accordingly.
Does it work fine over HTTPS with a valid SSL certificate once Cloudflare is paused temporarily?
Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
The link is in the lower right corner of that page.
Give it five minutes to take effect, then make sure the site is working as expected with HTTPS without any error.
Check with your hosting provider / Plesk panel / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and manually click to renew it.
Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s set to Full (Strict).
May I ask what troubleshooting steps related to the 525 error you’re experiencing you have already tried?
Your origin’s SSL for the apex hostname is fine, but www is broken on Port 443: * LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
I also got a response from Cloudflare to set it up as Flexible so it does not go through port 443, and it is still the same thing. I use Webflow here, and besides a spike in requests today, no other changes were made for months. What could that be? All I want is for the site to be up again.
That’s not going to work, because Flexible will make an HTTP request to the origin, but your origin is redirecting to HTTPS.
You need to fix the origin server. To make troubleshooting easier, you should set your DNS record for www to DNS Only. Then ask your web host for assistance.
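
An added example, not part of the original thread: a Python check that performs the TLS handshake directly against the origin for each hostname (apex and www) with full certificate validation, which is what the replies above ask to be confirmed before un-pausing Cloudflare and selecting Full (Strict). The origin IP and hostnames are placeholders, and `probe_origin` and `recommend` are names chosen for this example.

```python
import socket
import ssl

def probe_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly (bypassing the proxy), sending
    `hostname` as SNI and validating the certificate against it."""
    ctx = ssl.create_default_context()  # verifies chain, expiry and hostname
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return True, f"{tls.version()}, certificate valid until {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:   # expired, wrong name, untrusted
        return False, f"certificate invalid: {exc.verify_message}"
    except ssl.SSLError as exc:                   # e.g. a fatal TLS alert from the origin
        return False, f"handshake failed: {exc.reason}"
    except OSError as exc:                        # refused, timed out, unreachable
        return False, f"connect failed: {exc}"

def recommend(results):
    """results maps hostname -> (ok, detail) as returned by probe_origin()."""
    broken = sorted(h for h, (ok, _) in results.items() if not ok)
    if not broken:
        return "origin TLS valid for every hostname: Full (Strict) is safe"
    return "fix origin TLS for " + ", ".join(broken) + " before un-pausing Cloudflare"

if __name__ == "__main__":
    ORIGIN_IP = "203.0.113.10"                      # placeholder: your origin's address
    HOSTNAMES = ["example.com", "www.example.com"]  # placeholders: apex and www
    results = {h: probe_origin(ORIGIN_IP, h) for h in HOSTNAMES}
    for host, (ok, detail) in results.items():
        print(f"{host:20} {'OK  ' if ok else 'FAIL'} {detail}")
    print(recommend(results))
```

Testing each hostname separately matters because, as in this thread, the apex can pass while www fails the handshake on port 443.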