Make sure your host has actually enabled SSL here at the origin because it looks like it does not support it today:
```
$ curl -svo /dev/null https://www.shamhussain.com/ --connect-to ::x.x.x.x
* Expire in 0 ms for 6 (transfer 0x556552df3fb0)
* Trying x.x.x.x...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x556552df3fb0)
* Connected to x.x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x.x:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x.x:443
error: exit status 35
```
You can test this for yourself using cURL:
```
curl -svo /dev/null https://www.shamhussain.com/ --connect-to ::x.x.x.x
```
Replace x.x.x.x with your origin IP. If you then try http:// (i.e. no s) you’ll see a response.
If you enable FULL you would likely get an HTTP 525 error here because your origin isn’t allowing an SSL connection. Flexible can cause redirect loops (you will need to disable any redirects to SSL at your origin) and is less secure, so do try to get SSL working on the origin so you can use Full or Full Strict.
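Added example, not part of the original post: a small script that repeats the curl check above against both https:// and http:// and turns curl's exit code into a plain diagnosis. The function names `diagnose_origin` and `probe_origin` are hypothetical, and the script assumes an IPv4 origin address and a curl new enough to support `--connect-to`.

```shell
#!/bin/sh
# Added example: interpret a direct-to-origin curl probe before picking a
# Cloudflare SSL mode. Function names are hypothetical, not from the post.

# diagnose_origin <curl-exit-code>
# Prints "<tag>: <explanation>" for the exit codes that matter here.
diagnose_origin() {
    case "$1" in
        0)  echo "tls-ok: handshake completed and the certificate validated" ;;
        35) echo "no-tls: TLS handshake failed on 443 (the case shown above)" ;;
        # The origin speaks TLS, but the certificate is not trusted by
        # curl's local CA store (self-signed, private CA, wrong name...).
        60) echo "tls-untrusted-cert: TLS works, certificate did not validate" ;;
        7)  echo "unreachable: nothing accepted the connection on 443" ;;
        28) echo "timeout: no answer within the time limit" ;;
        *)  echo "other: curl exit $1, rerun with -v for details" ;;
    esac
}

# probe_origin <hostname> <origin-ip>
# Sends the request straight to the origin IP, bypassing the proxy, while
# keeping the real hostname for SNI and the Host header.
probe_origin() {
    host=$1
    ip=$2
    rc=0
    curl -so /dev/null --max-time 10 "https://$host/" \
        --connect-to "::$ip" || rc=$?
    echo "https: $(diagnose_origin "$rc")"

    # Plain HTTP for comparison: a status here plus "no-tls" above means
    # the web server is up but SSL is not enabled on it.
    code=$(curl -so /dev/null --max-time 10 -w '%{http_code}' \
        "http://$host/" --connect-to "::$ip") || code=000
    echo "http:  status $code"
}

# Run only when called as: ./probe.sh <hostname> <origin-ip>
if [ "$#" -ge 2 ]; then
    probe_origin "$1" "$2"
fi
```

A `no-tls` result together with an HTTP status on port 80 is the situation described in the post: the fix belongs on the origin, not in the Cloudflare SSL setting.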