Not exactly. An invalid certificate would throw a 526, in your case it appears as if Cloudflare can’t establish an SSL connection at all and that wouldn’t be necessarily certificate related.
So the issue appears without you touching the server at all and then disappears after about half an hour?
What exactly do you mean by connect? Via HTTPS directly or via SSH? If it is the former, then that would be a key bit of information, as it would suggest that TSL is still working.
A few questions regarding your setup
- How many IP addresses do you have configured on Cloudflare? Do you proxy to just one machine or more?
- Is there anything in front of Nginx?
- Do you run anything loadbalance-ish directly on your server?
- You said you are running Nginx. Is that all or does Nginx proxy anywhere onwards?
- Anything particular about your Nginx TLS configuration?
- Do you have anything of the sort of fail2ban configured?
Based on your description - and assuming it is not a Cloudflare issue - my best guess would be that you have some sort of rate limit or temporary ban (hence the question about fail2ban) configured which occasionally kicks in (too many requests over a period of time?) and blocks Cloudflare. Usually I’d expect that rather to be a 523 or 524 instead of a TLS error, however that might depend on how that ban is implemented. Again, just speculation