Server on GCP app engine. Our subdomain subdomain returns a 525 error

We were checking our SSL certificates today and noticed an error on GCP. We turned of the proxies for the A records and AAAA records for the main domain ( and also the cname record for subdomain
We turned them back on to reset them. But it did not clear the error.
The main domain started working again. This is a website hosted on Kartra. (the error did not clear so assumed it’s not really an error???
But when the proxy on and turned it back on we could not reach the URL and it now returns a 525 error.

In the DNS we also tried removing the cname record for and re-adding it but it did not work.
On google app engine we also tried disabling the managed security and reenabling it. But this also did not work.
As per Cloudflare support we also tried switching to flexible mode for the SSL. But this only timed out with redirecting too many times errors on the subdomain

This is incredibly frustrating as customers cannot login in and change their plans or new customers cannot get to the website.

Any help much appreciated

Based on the message in the screenshot, GCP is checking the records to ensure the values match what they provided—i.e. an A record IP matches or a CNAME record has the correct value. When you proxy these Cloudflare will only show Cloudflare IP addresses so the records will not pass validation. Most platforms like this continue to check the records are valid at regular intervals.

1 Like

Ok. So why did the website on the main root keep working. They were both showing the error in GCP.

The subdomain has stopped and now returns a 525 error.
and yet the domain keeps working.

Did you try the tips outlined in this?

1 Like

Yeap. Tried that. All it did was time out too many redirects.
Tried turning off the Proxy on the dns- but then it returned at warning in Google that the IP address would be exposed for another sub-domain was use.
It has been a very confusing time- and not any closer to it working.

That suggests you disabled encryption altogether. You should never do that, always use Full Strict as encryption mode.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.