Hello,
I know that there are a few topics regarding this issue on the forums, as well as an official support document, but I was still not able to diagnose the issue I’m having, and to solve it. I’m sorry to ask for your time, but I’d be grateful for any advice on this matter.
I’ve been using Cloudflare with pretty much the same configuration for about half a year, and I haven’t touched my server’s configuration in about the same length of time. For the first five months of this year, everything has been going smoothly, but since roughly the beginning of June, I’m getting random spikes of SSL Handshake Failed errors across my domains and subdomains.
I understand that that would typically mean that the certificate I’m using on my server is invalid, except… it’s not really, I have configured auto-renewal on Let’s Encrypt certificates for each of my subdomains, and the renewal process seems to be working. Out of curiosity, I have disabled the Cloudflare proxy for one subdomain, so you can see that there is no problem with accessing the site due to an invalid, revoked or expired certificate: https://office.milanvit.net/. On the contrary, https://www.milanvit.net/ is not accessible at this moment, but I suspect it will be in a few minutes (details in the last paragraph). As expected, we’re back in full strength.
It could also, according to the support document, mean that my server doesn’t support SNI – but according to the Qualys SSL Server Test, that doesn’t seem to be the case, as running the test for the subdomain office.milanvit.net reports that “This site works only in browsers with SNI support.”
Finally, the problem happens both with SSL settings set to Full and Full (Strict). What seems very strange to me is that the problem always appears randomly (sometimes when I’m asleep, so definitely not as a result of a Cloudflare or server configuration change), and also always goes away after around 20-40 minutes, all on its own.
I’m using Nginx on my server (managed fully by Dokku), and I’d be happy to try any advice you could kindly provide to me. Thank you so much for your time and guidance.
Edit: I wanted to add that I don’t see anything suspicious (or rather, anything at all) in Nginx error logs. If it could be related to Cloudflare not being able to establish a connection to my server, then it should probably also be noted that my server is a dedicated server hosted in Hetzner’s data center – and while that doesn’t have to mean anything, even in times when Cloudflare gives me 525 errors, I can still connect to the server from my current location.
Edit 2: My server is located in Hetzner’s German data center, and I’m noticing that all traffic from Germany has been re-routed, according to https://www.cloudflarestatus.com/. Could that be the cause of the issue? But surely re-routing the traffic would not take 30+ minutes, so perhaps not…