SSL Handshake 525 Error with new google site

For the www name to work, you will need to make sure the CNAME is set to :grey: DNS Only. When a CNAME is set to :orange: in Cloudflare, it is published as A and AAAA instead of the CNAME that Google is looking for.

For the apex name to work, you need to deploy a redirect rule on Cloudflare.Make sure that you have a AAAA record, and only a AAAA record for the apex name (entered as @). That AAAA record should be set to the special discard prefix address of 100:: Once you have that in place you can follow example one in this guide.

Once all of that is done, make sure that you have your TLS mode set to FULL (strict).