Site set up to redirect to https but reports 521 on browser access but the server is actually alive

crypto attributes as follows:

  1. always use https
  2. hsts (and the site accepted on
  3. automatic https rewrites
  4. minimum tls 1.2
  5. tls1.3 - enable+0rtt
  • every other setting as standard
  • server is running nginx
  • nameservers are set to Cloudflare.
  • Cloudflare site status is active

nginx error log reports no activity when accessing the site

switching nameservers back (that is, removing the Cloudflare influence), the site works as intended on http.

I am at a loss from this point. Would appreciate some guidance.

zone records on digitalocean are:

$TTL 1800
IN SOA 1532938415 10800 3600 604800 1800
1800 IN NS
1800 IN NS
1800 IN NS
1800 IN A
1800 IN CNAME

I’m wondering if it’s the CNAME causing the problem?

What’s your SSL setting? (Flexible, Full, Full (strict))

Try to connect to your domain with cURL or telnet. Mostly 521 is caused when Cloudflare IPs are blocked or your origin refuses connections on port 80 or 443.
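The check suggested in this reply can be scripted. The following is an added example, not part of the original thread: it probes the origin directly with curl's `--resolve` option, bypassing the Cloudflare proxy, and relates the result on ports 80 and 443 to the Cloudflare SSL mode. The function names, `example.com` and `203.0.113.10` are placeholders.

```shell
#!/usr/bin/env bash
# Added example. Function names, example.com and 203.0.113.10 are placeholders.

# Translate a curl exit status into the state of the origin listener.
classify_curl_exit() {
  case "$1" in
    0)  echo ok ;;
    7)  echo refused ;;               # nothing listening, or the firewall rejects
    28) echo timeout ;;               # packets silently dropped, or wrong IP
    35) echo tls-handshake-failed ;;  # port answers but TLS is not set up
    60) echo cert-untrusted ;;        # TLS works, certificate fails validation
    *)  echo "other-$1" ;;
  esac
}

# 52x status Cloudflare typically returns for each origin state.
edge_error() {
  case "$1" in
    refused) echo 521 ;;
    timeout) echo 522 ;;
    tls-handshake-failed) echo 525 ;;
    cert-untrusted) echo 526 ;;
    *) echo unknown ;;
  esac
}

# usage: edge_verdict MODE PORT80_STATE PORT443_STATE
edge_verdict() {
  local mode="$1" state
  case "$mode" in
    flexible)    state="$2" ;;   # edge talks plain HTTP to port 80
    full|strict) state="$3" ;;   # edge talks TLS to port 443
    *) echo unknown-mode; return 2 ;;
  esac
  # Full does not validate the origin certificate; strict does.
  if [ "$mode" = full ] && [ "$state" = cert-untrusted ]; then state=ok; fi
  if [ "$state" = ok ]; then echo reachable
  else echo "unreachable: $state (edge error $(edge_error "$state"))"; fi
}

# usage: probe_origin HOST ORIGIN_IP MODE   (talks to the origin, not the proxy)
probe_origin() {
  local host="$1" ip="$2" mode="$3" rc80=0 rc443=0
  curl -sS -o /dev/null --max-time 10 --resolve "$host:80:$ip" "http://$host/" || rc80=$?
  curl -sS -o /dev/null --max-time 10 --resolve "$host:443:$ip" "https://$host/" || rc443=$?
  edge_verdict "$mode" "$(classify_curl_exit "$rc80")" "$(classify_curl_exit "$rc443")"
}
# e.g. probe_origin example.com 203.0.113.10 strict
```

A probe from your own machine does not reproduce a firewall rule that blocks only Cloudflare's address ranges, and curl reports a Cloudflare Origin CA certificate as untrusted (exit 60) even though Full (strict) accepts it.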


What’s your SSL setting? (Flexible, Full, Full (strict)): Full (Strict)

curl output as below:

curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

✔ :(master) trust_accounts$ 

No entries in access.log or error.log

Also, SSL has not been implemented between Cloudflare and the origin server.

Active firewall is:

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 21                         ALLOW IN    Anywhere                  
[ 2] 22                         ALLOW IN    Anywhere                  
[ 3] 80                         ALLOW IN    Anywhere                  
[ 4] 443                        ALLOW IN    Anywhere                  
[ 5] 2812                       ALLOW IN    Anywhere                  
[ 6] 7474                       ALLOW IN    Anywhere                  
[ 7] 21 (v6)                    ALLOW IN    Anywhere (v6)             
[ 8] 22 (v6)                    ALLOW IN    Anywhere (v6)             
[ 9] 80 (v6)                    ALLOW IN    Anywhere (v6)             
[10] 443 (v6)                   ALLOW IN    Anywhere (v6)             
[11] 2812 (v6)                  ALLOW IN    Anywhere (v6)             
[12] 7474 (v6)                  ALLOW IN    Anywhere (v6)

Result of browser access:

