New 525 Error

GoDaddy Update…

They finally got in touch with someone who sounded like he knew what he was doing on the server side and familiar with Cloudflare SSLs.

We were on the phone 2+ hours and he could not figure it out. I sent him the information above. He tried to trouble shoot it and said he has been doing this for 12 years and never seen this happen before. The issue was intermittent while one the phone. Clear the cache on Cloudflare and Browser… get 525. Every once in a while, do a refresh and get to the page fine. Click on a link, sometimes it worked, other times 525. without him changing anything. He could not figure it out.

I ended up removing the site from Cloudflare and changing the DNS back to GoDaddy Default.

I will wait a couple days and try to set up Cloudflare Fresh.

Any advice/recommendations moving forward?

Thanks everyone for the help.

1 Like

Somehow all these errors do have two things in common:

  • Cloudflare
  • cPanel
  1. Error 525 - need clarification
  2. https://forums.cpanel.net/threads/cpanel-ssl-cloudflare-525-ssl-handshake-failed.687289/
  3. Error 525 - SSL handshake failed (cloudflare) -> The certificate uploaded is NOT for the domain name fsocietyproject.ml (CloudFlare Origin Certificate was seen) - Hosting Support - InfinityFree Forum

Somehow strange. Maybe it’s a cPanel thing.

Two things to try:

  1. SSL Mode “Full” instead of “Full strict” since it does not validate the SSL Cert, but there must be one.
  2. Just a guess, but could you (once you use Cloudflare again) remove your origin cert from the dashboard, create a new one, and then add the new one and try again?
    Otherwise, just use “Let’s Encrypt” as SSL if the origin SSL cert does not work.

Also: please use a publicly valid SSL cert, if you remove Cloudflare, since otherwise your Cloudflare origin SSL cert is getting used, which is not valid publicly, but just behind Cloudflare while proxied.

I tried different SSL settings, including Flexible-- did not fix it.

I will remove the Origin Cert and create a new one when I set Cloudflare up again.

Need to find a current “Walk Through” for setting Cloudflare up again…

In terms of a GoDaddy and cPanel hosting, I was wondering if they offer free AutoSSL certificate.

Doing some research on their website as I haven’t used GoDaddy web hosting and any other service yet, I have found out they do not offer this so far and the user has to purchase one - ouch!

Nevertheless, from the hosting packages - there are only 2 who have it “included - Free SSL”:

The process for the SSL goes like (you do not have it, purchase it first):

And they are not so affordable (too much money for something which is nowadays free):

I am just disapointed by this so far :frowning_face: :disappointed_relieved:

1 Like

Yes… Go Daddy wants close to $94.99/yr in the US when you renew.

My 5-year contract with them ends in April… not sure how hard it is/would be to transfer 4 sites, one with a different domain, to another Hosting Provider.

Cloudflare has nothing between Free and $20/month. None of the sites are complicated or sell anything. I just do not know if Free would do everything I currently do… Word Press Site. I am willing to pay, just trying to do it as affordable and reliable as possible.

Also, I do not know how my e-mail would be affected or transferred. I use an e-mail service (Zoho) to manage (host?) my e-mail, using my domain name- [email protected]. Would I just need to add the MX record in the new Host or do I need to make changes at Zoho?

Before moving to Cloudflare I had an expired SSL Cert and it did not connect by HTTPS. That was a headache in itself. Even though I deleted the Cert, the file remained on the server and had to be manually removed by GoDaddy. That took a week to figure out.

I mentioned that to the GoDaddy support yesterday, he said he has seen that happen a few times. He checked and made sure all CERTS were removed from the sever and then put a self-signed one on.

I tried Strict, Full and Flexible (I believe I got the terms correct), non-worked. The issue was intermittent, to some extent. IF you hit refresh 3-6 times the page might load. Only to fail again.

I ended up removing my site from Cloudflare and reset my DNS in cPanel. GoDaddy encouraged me to re-try Cloudflare, but wait 24 hours–just in case. He said he know a lot of GoDaddy clients use Cloudflare and had good things to say about it. But he could not find the problem on his end. He was the best support I have had with GoDaddy. Tried troubleshooting using both server and Cloudflare variables.

I never got the 522 error.

Thanks for your help.

Going to try to set-up Cloudflare again tonight. Any advice/concerns on re-setting it up on a site that was recently removed?

I am near done re-installing/setting up Cloudflare. Do I need to revoke the prior Cert? I came across this page. I assume the one with the nearest Expiration date is the OLD one?

I think I got it working… Including the message above, can someone check to see if it will load.

I thought I got it to load…

I received a BitDefender (Anti-Virus Suite) warning that it was unsafe URL. Happened on 2 computers. After I over ruled it, it seemed to work fine on 1 computer. It might have been a Rule in Bitdefender, that was created when it was not SSL and it needed to be over rided.

On my Windows 7 TV Computer I am getting a “this page isn’t working right now”… after a while it went to an Error 524 this time.

That was after clearing the cache in the browser.

https://dellazanna.com/

1 Like

@gary19 thank you for writing and feedback.

I hope you know which one is which :sweat_smile: (don’t revoke the wrong one)

Now when I check, I see a redirect loop in my Web browser 301 and/or 302.
Testing online, using below two tool to check this so far:

May I ask you to check if SSL settings is at Flexible SSL under the SSL/TLS tab of Cloudflare dashboard for your domain?, which is a know cause of this redirect loop (and mixed content too).

More about it here:

Otherwise, if it’s not Flexible SSL, then something about 301 HTTP to HTTPS redirection at your origin host/server → maybe some htaccess rule or something similar to check.

  • hopefully you are not using some Page Rule to achieve 301 redirection?

I revoked the prior cert. I am sure I did the correct one because I saved it as a word doc.

It is Full Strict now… and I am back to getting 525 error

I will not make any changes until I hear back from someone. I do not want to change it while some one is checking it.

This is something else weird…

CRAZY… Using the TV computer, which had a 524 error, I refreshed and got a 525 error and refreshed and got a partial load, some images missing, refresh again and now it is there with fewer pics missing,

And after a couple refreshes… they are all back.

Without changing anything in Cloudflare— Main page opens with HTTPS,

Link gets a warning of not secure with HTTPS crossed out.

Trying to Log In to Word Press — also has warning of not secure with HTTPS crossed out.

Can you click on Advanced for that Cert warning and show us what it displays? I’d like to see what it thinks the certificate is issued to.

Advanced for Cert… Where in cPanel or Cloudflare? I did not see it in either.

But this might be the/a issue. In cPanel I went to Manage SSL, I browsed for Certs and came across this. The DOT is on the self signed Cert.

Should I move it to Cloudflare? It seems like that might be the issue.

This one here:

This time when I went, I got the 525 error… refresh a few times and it loaded.


Yeah, but when it loaded, it was without the ‘www’. Maybe the server doesn’t have a cert that covers *.dellazanna.com

That’s why I wanted to see what “Advanced” revealed.

Did you see my comment about cPanel and it looks like Cloudflare Cert is not Active

I may have skimmed it a bit too quickly, but it’s making some more sense now. Does it let you select the other one that’s the Cloudflare Origin cert? That one looks like it should cover everything that would work in Full (Strict) mode.

I do not think that is the issue.

I can select it and it shows up in the area where I pasted it… if I open up browse Cert, it defaults to the self sign.