New SSL certificate working for 2 weeks, now get 525 error


#1

I am using the Cloudflare basic plan. The shared SSL was causing CSS issues on my site and could not find a fix here or in any other forum. When I typed my URL in a browser, it resolved to http, not https. I tried changing the SSL settings under the Crypto panel from flexible to full and full (strict) but that made no difference.

On the advice of some technical buddies of mine, I decided to purchase a dedicated certificate from my provider, GoDaddy. I set SSL to full (strict) and suddenly SSL is working and no issues with style sheets. I did get a mail from GoDaddy telling me my DNS was not configured to resolve my domain to my IP address. I checked this A record on the Cloudflare DNS admin panel and it was configured correctly, so I ignored this, as everything was now working fine.

Now, 2 weeks later, after changing no configuration at all, I suddenly get a 525 error. In this community KB, all possible solutions relate to configuration issues on the web server. I called GoDaddy support and they said that, as they were not managing my DNS and I was using a Cloudflare SSL certificate, they could not help me. They referred me to an SSL checker (https://sslwizard.co/ssl-checker/) which confirmed this.

Now, to get my website to work again, I have paused my site on Cloudflare and changed the DNS name servers back to GoDaddy. The domain is resolving to the correct IP address and I am using my SSL certificate purchased from GoDaddy.

So, this is a complete mystery to me. Why, after 2 weeks with SSL working fine, did I suddenly get the 525 error from Cloudflare?

Was it that I was using the Cloudflare certificate all along and it is not possible to use another provider's SSL certificate while on the Cloudflare basic plan (would seem strange)? If that is the case, then why did SSL mysteriously start working once I installed a certificate on my web server? I had been using the default SSL settings (I had not touched this). Did I somehow dream this and was in fact using Flexible when I should have been using Full/Full (strict)? As mentioned above, changing the settings earlier had not made any difference with the Cloudflare shared SSL certificate.

I hope there is a simple answer to this, otherwise I will have to permanently stop using Cloudflare. Thanks for your help in advance.


#2

A 525 means there’s a problem with the SSL connection on your server. I see you’ve tested your server directly and it looks good.

Next step would be to go back to using the Cloudflare name servers, but use the DNS page here to toggle your DNS entries between orange and grey. Orange goes through Cloudflare with your Cloudflare certificate. Gray will go direct to your server.


#3

Hi sdayman, thanks for responding. I reactivated the site on Cloudflare and changed the name servers back to Cloudflare. Without playing with any of the DNS settings as suggested - i.e. changing orange to grey, everything is working again perfectly. However, repeating the SSL check (I cleared the cache) shows my domain is resolving to my IP and I am using my GoDaddy SSL Certificate… so am completely confused. But as the 525 error is fixed, I am still using Cloudflare and my own SSL certificate, I am happy with the end result.


#4

It’s likely DNS hasn’t fully propagated yet, which would explain why you’re seeing your own SSL certificate.

What’s the domain?
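
Added example, not part of the thread and not Cloudflare or GoDaddy code: a way to see for yourself which certificate visitors receive versus which one the web server presents when contacted directly, which is the distinction the replies above draw between orange and grey DNS entries. The function names and the sample certificates are constructed for illustration; `check()` needs network access and the origin server's IP address.

```python
import socket
import ssl

def leaf_cert(host, connect_to=None, port=443, timeout=5.0):
    """TLS handshake with SNI=host; connect_to (an IP) bypasses DNS.
    Returns the verified leaf certificate as a dict, raises on failure."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    with socket.create_connection((connect_to or host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_org(cert):
    """Pull organizationName out of the issuer field of a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def diagnose(public_cert, origin_cert, origin_error=None):
    """Compare what visitors get (public DNS) with what the origin IP serves."""
    if origin_error is not None:
        # The server itself cannot complete a handshake: the 525 case when proxied.
        return "origin-handshake-failed"
    same = (public_cert.get("serialNumber") == origin_cert.get("serialNumber")
            and issuer_org(public_cert) == issuer_org(origin_cert))
    return "direct-to-origin" if same else "proxied"

def check(host, origin_ip):
    """Live check. Returns (verdict, public issuer, origin issuer)."""
    public = leaf_cert(host)
    try:
        origin, err = leaf_cert(host, connect_to=origin_ip), None
    except (ssl.SSLError, OSError) as exc:
        origin, err = {}, exc
    return diagnose(public, origin, err), issuer_org(public), issuer_org(origin)

# Constructed sample certificates in getpeercert() layout (not real data).
ORIGIN_CERT = {"serialNumber": "0A1B2C",
               "issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Origin CA"),))}
EDGE_CERT = {"serialNumber": "FFEE01",
             "issuer": ((("countryName", "US"),),
                        (("organizationName", "Example Edge CA"),))}

if __name__ == "__main__":
    print(diagnose(EDGE_CERT, ORIGIN_CERT))    # proxied
    print(diagnose(ORIGIN_CERT, ORIGIN_CERT))  # direct-to-origin
```

A "direct-to-origin" verdict while the name servers point at Cloudflare matches the situation in the last two posts: the hostname is still reaching the server's own certificate rather than the proxy's.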