My website : Error 525 SSL handshake failed

What is the name of the domain?

diaoa.cn

What is the issue you’re encountering?

My website seems to be encountering a 525 error due to the deployment of Cloudflare’s SSL certificate, and I need help.

What are the steps to reproduce the issue?

My steps were: in SSL, Origin Server → Create Certificate → Hostnames, I removed the wildcard [myhost,myhost] and changed it to my subdomain dydmyhost. After deploying the created SSL certificate to the server, an Error 525: SSL handshake failed occurred. Later, I tried using the default options [myhost,myhost] and created the SSL certificate again, and the error disappeared—everything seems normal now. I’m very confused about this. Could the issue be that I can’t create a certificate for a single specified subdomain alone?

It seems that some of my messages, such as domain names and subdomains, are being blocked, so I uploaded them as screenshots.

Based on what you shared, the 525 SSL handshake error likely occurred because the SSL certificate didn’t match the subdomain you specified (dydmyhost). Cloudflare expects the certificate to cover all requested hostnames, and removing the wildcard may have caused a mismatch, breaking the handshake.

When you recreated the certificate with the default wildcard settings, it worked because it matched the expected domain structure. So the issue was likely due to creating a certificate for just one subdomain without wildcard coverage. For full coverage, I’d recommend including wildcards where applicable.

If you still face the error, you can refer to this guide - https://certera.com/blog/how-to-fix-ssl-handshake-failed-error/

Can we understand that Cloudflare cannot create a standalone certificate for a subdomain to deploy on the origin server, and the wildcard provided by Cloudflare should not and cannot be removed unless dealing with third-level subdomains?

There’s no problem with creating Origin Certificates that cover only a subdomain.

If you see the error again, please pause Cloudflare and verify that the certificate that is served by your Origin is the correct certificate you created on Cloudflare.
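The check the reply above recommends can be made concrete: when Cloudflare connects to the origin it sends the visitor's hostname as SNI, and the origin certificate must list that hostname (exactly, or via a one-label wildcard) or the handshake fails. The following is an added example, not code from the thread or from Cloudflare; it uses `example.com` as a placeholder for the poster's zone and constructed hostname lists.

```python
# Added example (not from the thread): check whether a certificate's
# subjectAltName (SAN) entries cover the hostnames Cloudflare will send
# as SNI when it connects to the origin. Any uncovered hostname is a
# candidate cause of Error 525.

def covers(hostname: str, san_name: str) -> bool:
    """Return True if one DNS SAN entry matches hostname.

    Uses the usual TLS rule: '*' is only valid as the whole leftmost
    label and matches exactly one label, so '*.example.com' covers
    'dyd.example.com' but not 'example.com' or 'a.dyd.example.com'.
    """
    host = hostname.lower().rstrip(".")
    san = san_name.lower().rstrip(".")
    if "*" not in san:
        return host == san
    san_labels = san.split(".")
    host_labels = host.split(".")
    if san_labels[0] != "*" or "*" in san_labels[1:]:
        return False  # wildcard allowed only as the full leftmost label
    if len(host_labels) != len(san_labels):
        return False  # a wildcard matches exactly one label
    return host_labels[1:] == san_labels[1:]


def uncovered(requested: list[str], san_names: list[str]) -> list[str]:
    """Hostnames in `requested` that no SAN entry matches."""
    return [h for h in requested if not any(covers(h, s) for s in san_names)]


if __name__ == "__main__":
    # Constructed sample: hostnames proxied through Cloudflare for a zone
    # called example.com (placeholder for the poster's real domain).
    proxied = ["example.com", "www.example.com", "dyd.example.com"]
    # Certificate created for a single subdomain only (first attempt)
    single = ["dyd.example.com"]
    # Certificate created with the default hostnames (apex + wildcard)
    default = ["example.com", "*.example.com"]
    print("single-subdomain cert leaves uncovered:", uncovered(proxied, single))
    print("default wildcard cert leaves uncovered:", uncovered(proxied, default))
```

To feed the real SAN list in, read it from the origin with `openssl s_client -connect ORIGIN_IP:443 -servername HOST </dev/null | openssl x509 -noout -ext subjectAltName` and compare it with the hostnames your proxied DNS records use.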
