Random SSL 525 error

https://strapi.birdblocker.com/admin

https://community.cloudflare.com/t/random-http-525-ssl-handshake-failed-errors-that-go-away-after-20-minutes/184232

When you tested your domain, what were the results?: SSL handshake failed 525

What error message or number are you receiving?: 525

See the other thread I referenced for more info. It is closed so I cannot reply there…
Everything was working for the last weeks until I suddenly got the error with any interaction from my side.

What can be the cause of this?

It looks like the certificate on your origin server may have been removed. To identify the cause and resolve the issue, please start out by pausing Cloudflare. This will enable you to connect directly to the origin and see the exact error message. Then you can resolve the issue and enable Cloudflare once again.


Thank you, but I verified the SSL certificates are there on my VPS. I have multiple Dokku apps and they all have the certificates; I even reran the command to add one.

I now disabled proxying to verify like you suggested. I have to wait a bit to see.

I now get an ERR_SSL_PROTOCOL_ERROR error in Chrome when viewing the URL…

This is my certificate report:

website-strapi ssl information
       Ssl dir:                       /home/dokku/website-strapi/tls
       Ssl enabled:                   true                     
       Ssl hostnames:                 strapi.birdblocker.com www.strapi.birdblocker.com
       Ssl expires at:                Sep 11 09:14:49 2023 GMT 
       Ssl issuer:                    C = US, O = Let's Encrypt, CN = R3
       Ssl starts at:                 Jun 13 09:14:50 2023 GMT 
       Ssl subject:                   subject=CN = strapi.birdblocker.com
       Ssl verified:                  self signed      

Generated with dokku:certs:report as shown here https://dokku.com/docs/configuration/ssl/

The SSL connection is failing due to a bad signature on the leaf certificate. I am not sure what might be the cause of this, and troubleshooting SSL issues unrelated to Cloudflare is outside the scope of this forum.

You might benefit from generating and installing a Cloudflare Origin CA certificate. These are only valid for connections between Cloudflare and your origin, but the certificates can be set to last up to 15 years so you don’t have to deal with renewal.

If an Origin CA certificate does not solve the issue, that could indicate the issue is with your web server configuration.

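A small triage of the certificate report posted above, as an added example that is not part of the thread or of Dokku's own code: it parses the report fields and flags the mismatch between a Let's Encrypt issuer and a "self signed" verdict, which is the cue to check the chain directly at the origin. The function names, the finding labels and the dates used for checking are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Report text copied from the thread (trailing spaces dropped).
SAMPLE_REPORT = """\
website-strapi ssl information
       Ssl dir:                       /home/dokku/website-strapi/tls
       Ssl enabled:                   true
       Ssl hostnames:                 strapi.birdblocker.com www.strapi.birdblocker.com
       Ssl expires at:                Sep 11 09:14:49 2023 GMT
       Ssl issuer:                    C = US, O = Let's Encrypt, CN = R3
       Ssl starts at:                 Jun 13 09:14:50 2023 GMT
       Ssl subject:                   subject=CN = strapi.birdblocker.com
       Ssl verified:                  self signed
"""

def parse_report(text):
    """Map each 'Ssl <label>: <value>' line to fields[label] = value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+Ssl ([a-z ]+):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def cn(dn):
    """Extract the CN component from an openssl-style distinguished name."""
    m = re.search(r"CN\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else None

def when(stamp):
    """Parse an openssl date such as 'Sep 11 09:14:49 2023 GMT' as UTC."""
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)

def triage(fields, hostname, now):
    """Return a list of findings (hypothetical labels) for one app's report."""
    findings = []
    if fields.get("enabled") != "true":
        findings.append("ssl-disabled")
    if hostname not in fields.get("hostnames", "").split():
        findings.append("hostname-not-covered")
    if not when(fields["starts at"]) <= now <= when(fields["expires at"]):
        findings.append("outside-validity-window")
    if "self signed" in fields.get("verified", "").lower():
        # A truly self-signed certificate names itself as issuer; a different
        # issuer CN means the verdict reflects a failed chain verification.
        same = cn(fields["issuer"]) == cn(fields["subject"])
        findings.append("self-signed" if same else "reported-self-signed-but-issuer-differs")
    return findings
```

For the report in this thread, the only finding inside the validity window is `reported-self-signed-but-issuer-differs`: the files are present and in date, but the chain did not verify.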
