I am not a newbie with the Cloudflare product, as I have been using it for the last two years.
However, I am facing a very strange issue with one site that I have been struggling with for almost two weeks.
Suddenly, we noticed that under unclear conditions and from certain networks Cloudflare returns Error 525: SSL handshake failed.
We followed the community tip for fixing Error 525, but nothing changed:
- Verified that the origin SSL is valid (generated by Let's Encrypt)
- SSL port 443 is open from our firewall to the public Internet
- Verified that the origin server is properly configured for SNI support:
  TLS server extension "server name" (id=0), len=0
- Verified that the origin server has the correct cipher suites.
- The web server (Nginx) has been configured to log all SSL errors, and it doesn’t create any related error.
- Updated the /etc/hosts file to point directly at the web server: no SSL warning appeared, everything is working correctly, and the browsers (Chrome & Firefox) display the correct SSL certificate.
- Verified that the origin server supports all TLS versions from 1.0 to 1.3
A few days ago, I made a change on the Nginx server (I was forcing the use of HTTPS), and that seemed to solve the problem, but only for a few hours; after that we are seeing Error 525 again.
As I said, it only happens from specific IP ranges; from my home Internet it works like a charm, and I have never seen the Cloudflare 525 error.
I also changed the origin's resolv.conf file and set the Cloudflare DNS server, as a colleague of mine suggested, but unfortunately without any obvious change.
Any help or ideas will be duly appreciated.
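
The origin-side checks listed in the post above (SNI acknowledgement, negotiated cipher, TLS version, certificate verification) can all be read off one `openssl s_client` capture taken directly against the origin. The following is an added example, not part of the original post: `ORIGIN_IP` and `SITE` are placeholders, both sample captures are constructed, and the parsing assumes the output format of OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Capture a handshake straight to the origin (placeholders ORIGIN_IP, SITE),
# once per protocol flag (-tls1_2, -tls1_3, ...):
#   openssl s_client -connect "$ORIGIN_IP:443" -servername "$SITE" \
#       -tlsextdebug -tls1_2 </dev/null 2>&1 | summarize_handshake

# Read s_client output on stdin and print a one-line verdict.
summarize_handshake() {
    awk '
    /TLS server extension "server name" \(id=0\)/ { sni = "yes" }
    /^New, .*Cipher is / {          # "New, (NONE), Cipher is (NONE)" on failure
        ok = ($NF != "(NONE)")
        proto = $2; sub(/,$/, "", proto); cipher = $NF
    }
    /Verify return code:/ { sub(/^.*Verify return code: */, ""); verify = $0 }
    END {
        if (!ok) { proto = cipher = "none"; verify = "n/a" }
        if (verify == "") verify = "unknown"
        printf "handshake=%s sni_ack=%s protocol=%s cipher=%s verify=%s\n",
            (ok ? "ok" : "failed"), (sni ? sni : "no"), proto, cipher, verify
    }'
}

# Constructed sample: origin completed the handshake and acknowledged SNI.
sample_ok() {
cat <<'EOF'
CONNECTED(00000003)
TLS server extension "server name" (id=0), len=0
TLS server extension "renegotiation info" (id=65281), len=1
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: origin rejected the handshake for this name/protocol.
sample_fail() {
cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
EOF
}

sample_ok | summarize_handshake
sample_fail | summarize_handshake
```

Running the capture from a host inside an affected network and from one outside it, then comparing the two verdict lines, shows whether the origin itself answers differently depending on the source.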