Randomly getting Error 525 each day or each few days

This is the same error as shown here Community Tip - Fixing Error 525: SSL handshake failed.

But it is not our servers or at least if it is there is some weird thing happening for 1-3 minutes each day because the rest of the day it works fine.
We use DigitalOcean with a load balancer, which doesn’t handle SSL but each origin server does. The SSL we are using is Full (strict) using the Cloudflare Origin CA certificate on every server. We also have another server which doesn’t use the Cloudflare proxy (to avoid upload limits, but turned into a backup domain because of Cloudflare issues) and it works fine while these issues are happening, which leads me to believe this issue is not on our side.

I was thinking of using Cloudflare’s load balancer, but I don’t even know if that would avoid this issue since I assume the same connection would be occurring.
My other option is to just go back to having the origin servers use Let’s Encrypt instead of the Cloudflare cert.

I have checked every log possible and I have never had any form of error. The only thing I see is traffic drop to 0 while the error happens.

Why can’t I edit my post to add extra information or format it better?

Can you explain this? How can this work if you are using SSL Mode Full (strict)? Full Strict always requires an SSL cert, and it must be valid
(and compatible with Cloudflare, as described here: Community Tip #525 §5).

A 525 error actually indicates that Cloudflare was not able to establish an SSL connection.

To test if your load balancer is the problem, just disable it for a day or two and point your domain behind Cloudflare directly to one of your servers. If the problem does not occur anymore, it’s the load balancer which is (as you said yourself) not able to handle SSL connections.

It means it passes through to the origins exactly as is, and they handle the SSL.

I use Full Strict, as I described, using the Cloudflare CA certificate. It would not be possible for the site to work at all if I didn’t. These errors are random each day. Everything in the linked topic and all referenced topics from it are tried or fine (some topics look like the same issue, but the user goes ignored).

You literally linked the topic I already linked, like I see in all the topics where other people have random 525 errors without a solution.


Maybe it’s because if an Error 525 happens it’s not up to Cloudflare. If something happens it clearly states:

Cloudflare is working fine and something behind Cloudflare does not let Cloudflare establish an SSL connection. So the part where the error is getting produced is actually behind Cloudflare.

If you followed the Community Tip, this is everything you can do to ensure the problem is not at Cloudflare. And therefore I recommended you turn off the load balancer for a day or two and test it without. Because what you now have to find out is:

Is the error getting generated at:

  1. one of my servers?
  2. the load balancer solution by DigitalOcean?

That’s what they claim, but when multiple people have an issue where it completely randomly stops connecting but everything else keeps connecting to it, then it could be a Cloudflare issue. I’m not going to bother with the rest of your post because you completely dismiss that there could actually be an issue with Cloudflare and not the huge amount of log checking and monitoring I have already done.
I’ll give it time to see if there is someone open to the actual issue instead of just linking to something I already linked to on the very first line, and then just change to using Let’s Encrypt certs instead of the Cloudflare ones, then change to the Cloudflare load balancer directly if that doesn’t help. And if the issue persists, move to a different service.


It could … yes but chances are small.

If you are too fine to follow a simple test just because it could be something else, or it’s not the answer you expected, then I guess neither I NOR someone else can help you.

Good luck with the problem.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.
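
Added example, not part of the original thread: a probe that narrows down the "one of my servers or the load balancer?" question without taking the load balancer out of service. It separates TCP failures from TLS handshake failures for each hop, so failure timestamps can be lined up against the 525 windows. The addresses, the hostname, the 15-second interval and the optional `cafile` (a local copy of the Cloudflare Origin CA root) are assumptions.

```python
import socket
import ssl
import time

# Constructed placeholders: replace with the load balancer and each origin server.
TARGETS = {"lb": "203.0.113.10", "origin-1": "203.0.113.11", "origin-2": "203.0.113.12"}
SNI = "www.example.com"  # hostname the edge would request (assumed)


def probe_tls(host, port, sni, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'ok', 'tcp_failed' or 'handshake_failed'."""
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        # Without a CA bundle, only test that a handshake completes.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, unreachable or timed out before any TLS bytes were sent.
        return ("tcp_failed", repr(exc))
    try:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except OSError as exc:
        # ssl.SSLError subclasses OSError: covers alerts, resets, EOF mid-handshake,
        # handshake timeouts and (when cafile is set) certificate failures.
        return ("handshake_failed", repr(exc))
    finally:
        raw.close()


def sweep(targets, sni, port=443, cafile=None):
    """Probe every target once; return {name: (stage, detail)}."""
    return {name: probe_tls(ip, port, sni, cafile) for name, ip in targets.items()}


if __name__ == "__main__":
    while True:
        stamp = time.strftime("%Y-%m-%dT%H:%M:%S%z")
        for name, (stage, detail) in sweep(TARGETS, SNI).items():
            if stage != "ok":  # log failures only
                print(stamp, name, stage, detail, flush=True)
        time.sleep(15)
```

Failures logged only for `lb` point at the load balancer path, while failures on a single `origin-N` point at that server's TLS stack.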