Only websocket says "error 525 - SSL handshake failed"



Hello guys,
I’ve spent weeks trying to find the problem in question.
I installed the SSL certificate from Cloudflare on my site, and the site opens as secure, but when I go to the websocket page, error 525 appears.
I really cannot solve it, and I need this to open my project :c
I use nginx on the Ubuntu operating system, and the websocket is on port 8443.

If I take the SSL certificate installed from my VPS and disable https, the websocket works perfectly.
Now when I install the origin SSL certificate from Cloudflare on my VPS, the websocket cannot sign in with https.
I tested with a non-Cloudflare certificate, and the following error appears:

Recalling that it’s just in the websocket (

The start part of my websocket is as follows:

The port is listed further down, at the end of the file, as 8443. I need help with this; Cloudflare support does not exactly tell me the reason for the problem, not to mention they take a very long time to respond.


curl -Ikv https://your.server.ip:8443 results in an SSL handshake error, so the issue is somewhere on the server. Try adding the certificate to your trusted key store perhaps to see if that helps.


Thanks for your response, cscharff.
But I installed the origin SSL certificate on my VPS in the nginx settings. I even looked at the tutorial that Cloudflare has, and I did everything right; the nginx log does not give any error in relation to the certificate.
My server IP is: [redacted]
What do you mean by “try adding the certificate to your trusted key store perhaps to see if that helps”?


I was testing against your IP before to bypass Cloudflare completely, and the command above also allows certificates, but I was still unable to initiate an SSL handshake on 8443, though the same certificate works just fine on 443.

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • successfully set certificate verify locations:
  • CAfile: /usr/local/etc/openssl/cert.pem
    CApath: /usr/local/etc/openssl/certs
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • Unknown SSL protocol error in connection to [ip address]

So the certificate appears to be fine, since it works on 443, and since the error occurs when going direct to origin as well, it doesn’t appear to be a Cloudflare error but rather a server config one.

Exact steps would depend on the OS. Something like or perhaps. Not sure it will work, but it is a local server issue.
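One way to narrow down the direct-to-origin handshake failure described above, as an added example that is not part of the thread: send a real ClientHello to a port and classify the first bytes that come back, so 443 and 8443 can be compared. The function names, the address and the hostname are placeholders, and the thread does not establish which of these outcomes applied to the poster's server.

```python
import socket
import ssl

def client_hello(server_name: str) -> bytes:
    """Build a real TLS ClientHello in memory, without touching the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake pauses until the server answers
    return outgoing.read()

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a listener returns after a ClientHello."""
    if not data:
        return "closed-without-reply"   # listener dropped the connection
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"          # handshake record: port speaks TLS
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"              # TLS is on, but the hello was rejected
    if data[:5] == b"HTTP/":
        return "plaintext-http"         # port answered in cleartext HTTP
    return "unknown-protocol"

def probe(host: str, port: int, server_name: str, timeout: float = 5.0) -> str:
    """Connect straight to the origin (no proxy) and classify its reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(client_hello(server_name))
            return classify_reply(s.recv(16))
    except ConnectionResetError:
        return "reset"
    except socket.timeout:
        return "no-reply-timeout"
    except OSError:
        return "connect-failed"

if __name__ == "__main__":
    # Constructed replies, not captured from the server in the thread.
    samples = (b"\x16\x03\x03\x00\x7a\x02", b"\x15\x03\x03\x00\x02\x02\x28",
               b"HTTP/1.1 400 Bad Request\r\n", b"")
    for sample in samples:
        print(sample[:8], "->", classify_reply(sample))
    # Against a real origin (placeholder address and name):
    #   probe("203.0.113.10", 443, "example.test")
    #   probe("203.0.113.10", 8443, "example.test")
```

If 443 returns "tls-handshake" while 8443 returns anything else, the certificate is not the variable; the difference is in how the listener on 8443 is configured.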


I understand that it is a bad configuration on the server or websocket, because I know a person who has the same system as mine, with the Ubuntu operating system and nginx, and he was able to connect through Cloudflare with the websocket in secure mode. I tried to add him so he could explain how he did it, but he did not accept me. I have already searched a lot and never found a solution for it.
