SSL Handshake 525 Error with new google site

domain: delawarelanes .net

This domain was owned by GoDaddy and I just moved it to Porkbun. I also do not plan to use the existing WordPress site that was out there and will just use a Google site. I should also note that this site was on my Cloudflare account before I started all this migration.

I transferred the domain, and then updated the name servers on Porkbun to my Cloudflare settings.

I deleted all the existing DNS and plugged in the new Google site information.

I published the Google site, and started getting the 525 error. I then thought it might be a conflicting cert, so I deleted the site from my Cloudflare and figured I would start new. Doing so appears to have given me new name servers, so I updated to the new name servers (still getting 525).

I feel like I have tried every switch possible in the Cloudflare settings and cannot get past this SSL 525 handshake issue. Any help is appreciated :slight_smile:

For the www name to work, you will need to make sure the CNAME is set to :grey: DNS Only. When a CNAME is set to :orange: in Cloudflare, it is published as A and AAAA instead of the CNAME that Google is looking for.

For the apex name to work, you need to deploy a redirect rule on Cloudflare. Make sure that you have a AAAA record, and only a AAAA record, for the apex name (entered as @). That AAAA record should be set to the special discard prefix address of 100::. Once you have that in place you can follow example one in this guide.

Once all of that is done, make sure that you have your TLS mode set to FULL (strict).
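An added example, not part of the reply above and not Cloudflare tooling: a small Python lint that checks a zone's record list against the DNS advice in that reply. It assumes records shaped like the type, name, content and proxied fields of Cloudflare's DNS records API, reads "only a AAAA record" as applying to address-bearing records (A, AAAA, CNAME) at the apex, and uses the constructed zone example.com with a placeholder CNAME target.

```python
import ipaddress

# 100:: is the first address of the IPv6 discard-only prefix (RFC 6666).
DISCARD = ipaddress.ip_address("100::")


def lint_zone(zone, records):
    """Check apex and www records of `zone`; return a list of findings."""
    findings = []
    www = [r for r in records if r["name"].lower() == "www." + zone]
    apex = [r for r in records if r["name"].lower() == zone]

    # www must be a CNAME published as-is, i.e. DNS only (not proxied).
    cnames = [r for r in www if r["type"] == "CNAME"]
    if not cnames:
        findings.append("www: no CNAME record")
    for r in cnames:
        if r["proxied"]:
            findings.append("www: CNAME is proxied, so it is published as A/AAAA")

    # Assumption: "only a AAAA record" concerns address-bearing records.
    addr = [r for r in apex if r["type"] in ("A", "AAAA", "CNAME")]
    if not any(r["type"] == "AAAA" for r in addr):
        findings.append("apex: no AAAA record")
    for r in addr:
        if r["type"] != "AAAA":
            findings.append(f"apex: unexpected {r['type']} record {r['content']}")
        elif ipaddress.ip_address(r["content"]) != DISCARD:
            findings.append(f"apex: AAAA is {r['content']}, expected 100::")
        elif not r["proxied"]:
            findings.append("apex: AAAA is DNS only; the redirect rule needs it proxied")
    return findings


# Constructed sample zones (example.com and the CNAME target are placeholders).
BEFORE = [
    {"type": "A", "name": "example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "sites-target.example", "proxied": True},
]
AFTER = [
    {"type": "AAAA", "name": "example.com", "content": "100::", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "sites-target.example", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": "constructed-verification-token", "proxied": False},
]

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_zone("example.com", zone) or "ok")
```

The TLS mode is a zone setting rather than a DNS record, so this check does not cover it.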

Thanks, epic.network, for the assistance. I was not able to get any further.

When I turn off proxy, I get a browser connection error as if Cloudflare didn't see the request like it does with the 525 error.

I looked in the AAAA comment but I can't find anything in Google Sites docs that provides me the IPv6 to point to.

I have my naked domain covered in a page rule and it's working on any other domain I have pointing to Google Sites (keelercarpentry . Com).

I went back and double-checked every setting I can find and compared it to my keeler domain that is using Google Sites for hosting. All the DNS are working but something is not correct for DelawareLanes . Net.

Could this just be a timing issue that I need to wait up to 48 hours with? I did purge everything in Cloudflare but that also didn't resolve.

Thanks,
Chris

The naked domain needs to be proxied for the redirect to work (which it is, so that’s good). The use of a proxied AAAA record set to 100:: is a good way of making sure that particular hostname only ever is sent to your redirect rule, but it’s the :orange: that is the important part.

The www CNAME needs to be set to :grey: DNS Only and you need to have configured that name at your Google Site otherwise Google won’t know what to do with requests for that name.

I did make the changes you suggested (AAAA → 100::) and the CNAME to DNS only. It still looked like I was getting the errors last night, but this morning before I made any more attempts to fix I tested and it worked. So I think it might have been the propagation timing or cache settings on the Google side of the handshake.

Thanks again for the tips! I certainly feel safer with the site being at its full strict state.
