New SSL certificate working for 2 weeks, now get 525 error


#1

I am using the Cloudflare basic plan. The shared SSL was causing CSS issues on my site and could not find a fix here or in any other forum. When I typed my URL in a browser, it resolved to http, not https. I tried changing the SSL settings under the Crypto panel from flexible to full and full (strict) but that made no difference.

On the advice of some technical buddies of mine, I decided to purchase a dedicated certificate from my provider, GoDaddy. I set SSL to full (strict) and suddenly SSL is working and no issues with style sheets. I did get a mail from GoDaddy telling me my DNS was not configured to resolve my domain to my IP address. I checked this A record on the Cloudflare DNS admin panel and it was configured correctly, so I ignored this, as everything was now working fine.

Now, 2 weeks later, after changing no configuration at all, I suddenly get a 525 error. In this community KB, all possible solutions relate to configuration issues on the web server. I called GoDaddy support and they said that, as they were not managing my DNS and I was using a Cloudflare SSL certificate, they could not help me. They referred me to an SSL checker (https://sslwizard.co/ssl-checker/) which confirmed this.

Now, to get my website to work again, I have paused my site on Cloudflare and changed the DNS name servers back to GoDaddy. The domain is resolving to the correct IP address and I am using my SSL certificate purchased from GoDaddy.

So, this is a complete mystery to me. Why, after 2 weeks with SSL working fine, did I suddenly get the 525 error from Cloudflare?

Was it that I was using the Cloudflare certificate all along and it is not possible to use another provider's SSL certificate while on the Cloudflare basic plan (would seem strange)? If that is the case, then why did SSL mysteriously start working once I installed a certificate on my web server? I had been using the default SSL settings (I had not touched this). Did I somehow dream this and was in fact using Flexible when I should have been using Full/Full (strict)? As mentioned above, changing the settings earlier had not made any difference with the Cloudflare shared SSL certificate.

I hope there is a simple answer to this, otherwise I will have to permanently stop using Cloudflare. Thanks for your help in advance.


#2

A 525 means there’s a problem with the SSL connection on your server. I see you’ve tested your server directly and it looks good.

Next step would be to go back to using the Cloudflare name servers, but use the DNS page here to toggle your DNS entries between :orange: and :grey:. Orange goes through Cloudflare with your Cloudflare certificate. Gray will go direct to your server.


#3

Hi sdayman, thanks for responding. I reactivated the site on Cloudflare and changed the name servers back to Cloudflare. Without playing with any of the DNS settings as suggested - i.e. changing orange to grey, everything is working again perfectly. However, repeating the SSL check (I cleared the cache) shows my domain is resolving to my IP and I am using my GoDaddy SSL Certificate… so am completely confused. But as the 525 error is fixed, I am still using Cloudflare and my own SSL certificate, I am happy with the end result.


#4

It’s likely DNS hasn’t fully propagated yet, which would explain why you’re seeing your own SSL certificate.

What’s the domain?


#5

Yes, you’re right. Once it had, I got the 525 error again and had to switch the DNS back again. I will switch it back to Cloudflare and try your troubleshooting steps (was travelling the last days. It’s a travel blog: the-earlybird.co)


#6

A better approach is to leave the name servers set to Cloudflare and keep them that way.

Then you can use Cloudflare DNS and switch it to :grey: if your Cloudflare setup isn’t working. Cloudflare DNS has a 5 minute TTL, so propagation is quick.


#7

Yes, I tried changing the A record to grey, but it didn’t make a difference and I couldn’t change the CNAME records using my mobile devices.
Now, I changed the DNS name servers back to Cloudflare, leaving the A record greyed. This now seems to have worked. I waited some days to make sure the DNS records were propagated. A check on SSL Wizard shows I am using the GoDaddy SSL certificate.
Thanks a lot for your help!

