SSL 525 error continues

The SSL handshake error continues on all our domains with Cloudflare, even though I can confirm through SSL checkers that the certificate is valid, not expired, and matches the source certificate. The sites only seem to work with the SSL mode set to Flexible - which should not work - but it does. As soon as I set it to Full it no longer works and I get the SSL handshake error again. What exactly am I doing wrong?

What’s the domain?

And yes, you are absolutely right. Flexible is an insecure legacy mode, which should not be used as it keeps the site insecure. Only use Full Strict, even the non-strict Full is not secure.

Hello and thank you!
Here are the domains:

https://gurdyworld.com/

Could you briefly pause Cloudflare?

Hello!
Yes, I’ve just paused Cloudflare on that domain.

Got it, you can unpause again.

As you mentioned, Flexible should not even work in your case, however you do not have a valid certificate.

You first need to fix the certificate.

Hi and thanks for the response. How do I fix the certificate and why does it no longer work? All of the certificates for all of the domains I have on Cloudflare were working until yesterday, and the SSL certificate is through Cloudflare for all these sites. How do I fix it?

I am afraid that’s a question for your host. Maybe best pause Cloudflare again and contact your host to clarify why there is no valid certificate. Once your site loads fine on HTTPS, it should also work on Cloudflare.

I’m confused then. I thought Cloudflare issues the SSL certificate. Why would my website host also need to issue one?

Cloudflare does not and cannot issue a certificate for your server, only for the proxies. You can get an Origin certificate from them, but that’s not different from Let’s Encrypt.

Bottom line, your server needs to work fine on HTTPS before you use Cloudflare.

2 Likes
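
The direct origin check discussed in this thread (what the site presents over HTTPS once the proxy is out of the path) can be scripted. This is an added example, not code from any poster or from Cloudflare; the function names, result labels and `origin.example` are assumptions, and the plaintext listener is a constructed stand-in for an origin that cannot complete a TLS handshake, the condition reported as error 525 in Full mode.

```python
import socket
import ssl
import threading

def _attempt(ctx, host, port, sni, timeout):
    """One TLS handshake attempt: 'unreachable', 'tls_error' or 'ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return "ok"
        except (ssl.SSLError, OSError):
            return "tls_error"

def probe_origin(host, port=443, sni=None, timeout=5.0):
    """Check the origin directly, bypassing the proxy (hypothetical helper)."""
    sni = sni or host
    # Pass 1: can the server complete a TLS handshake at all? No validation.
    loose = ssl.create_default_context()
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    first = _attempt(loose, host, port, sni, timeout)
    if first != "ok":
        return "unreachable" if first == "unreachable" else "handshake_failed"
    # Pass 2: chain and hostname validated against the system trust store.
    # A Cloudflare Origin certificate is reported as not trusted here, since
    # only Cloudflare's proxies trust that CA.
    strict = ssl.create_default_context()
    second = _attempt(strict, host, port, sni, timeout)
    return "ok" if second == "ok" else "cert_not_trusted"

def start_plaintext_listener():
    """Constructed stand-in: an origin answering on its port without TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_plaintext_listener()
    print(probe_origin("127.0.0.1", port, sni="origin.example"))
```

Against a real server, pass the origin's own address as `host` and the site's hostname as `sni`, so the result reflects the origin rather than the proxy.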