SSL handshake fail error 525

In the last 16 hours my website has been giving Error 525: SSL handshake failed. I contacted my hosting provider and they confirm nothing wrong or changed on their side. They checked by pausing Cloudflare and the site becomes accessible again. They suggested that Cloudflare may be having network connection issues with their server. On a slightly different but relevant note, I have another site hosted on the same hosting provider and server but it is not showing any issues. Please help.

How did your host pause Cloudflare for you? Or did they just ask you to pause it, and you did it?

Is it paused right now? If so leave it that way & post the domain name or a screenshot of your DNS page. Don’t know exactly what the issue is but there are some things that could be checked.

My host did not pause Cloudflare but asked me to do it in order to test the result. My site is currently ‘not paused’. I left it enabled for now so anyone kind enough to help may be able to see the error.

the domain name is florencepasteur[.]co[.]uk

It does seem to be paused at the moment, or grey-clouded

The 525 implies Cloudflare might not like your SSL certificate, but I’m looking at it and I’m not seeing anything wrong with it

looks good on the SSL Labs test

https://www.ssllabs.com/ssltest/analyze.html?d=florencepasteur.co.uk

only thing I’m not used to seeing is the " (*) Experimental: Server negotiated using No-SNI" on TLS 1.2, not sure what’s up with that

If you log into your host, is there an option to re-issue the SSL certificate? Again, I’m not seeing anything wrong with it, but it’s worth a shot. And it expires in exactly 1 month so it’s time to renew anyway.

I renewed the SSL cert but still the problem persists. :confused: Any other pointers?

I’m still seeing the 525 when proxied by Cloudflare:

curl -svo /dev/null https://florencepasteur.co.uk --connect-to ::172.67.148.91

Even for the www hostname.

Makes me think the domain may be in some SSL for SaaS setup.

Have you changed hosting recently?

No change whatsoever.

Please open a ticket. If you’re on a paid plan, do it in the dashboard.

If you’re on a free plan, try email to support AT cloudflare DOT com.

In either case, please post the ticket # here so we can escalate it to have it re-opened and investigated.

Just out of curiosity … does your web host have any kind of ability to check SSL logs on the server to see what happens exactly when a connection attempt from Cloudflare comes in? Do they have any options for replacing your certificate with one from a different issuer such as LetsEncrypt? Certificate seems fine, and yet, here we are.

I raised a ticket with support. The ticket number is #2522196.

Replaced the cert just about half an hour ago. Still no difference. I will check with the host about detailed logs.
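
Added example, not part of any post in this thread: a Python check that handshakes directly with the origin server (not a Cloudflare IP) once with SNI and once without, then compares the results. This follows up on the "No-SNI" remark and the question about what the server does when a connection comes in. The function names, result labels and command-line arguments are assumptions made for this sketch.

```python
import hashlib
import socket
import ssl
import sys


def probe(ip, sni=None, port=443, timeout=5.0):
    """One TLS handshake to ip:port; sni=None sends no SNI extension."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # we are diagnosing the handshake itself,
    ctx.verify_mode = ssl.CERT_NONE   # not validating the certificate chain
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:            # refused, filtered or timed out
        return {"stage": "tcp", "ok": False, "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"stage": "tls", "ok": True, "version": tls.version(),
                    "cert_sha256": hashlib.sha256(der).hexdigest()}
    except OSError as exc:            # ssl.SSLError, reset or handshake timeout
        raw.close()
        return {"stage": "tls", "ok": False, "detail": str(exc)}


def interpret(with_sni, no_sni):
    """Turn the two probe results into one label (labels are this sketch's own)."""
    if with_sni["stage"] == "tcp":
        return "origin-unreachable"        # port 443 closed or firewalled
    if not with_sni["ok"]:
        return "handshake-fails-with-sni"  # what a proxy sending SNI would hit
    if not no_sni["ok"]:
        return "sni-required"              # normal on shared hosting
    if with_sni["cert_sha256"] != no_sni["cert_sha256"]:
        return "different-default-cert"    # server picks the cert by SNI
    return "same-cert-both-ways"


if __name__ == "__main__":
    # Usage: python probe.py ORIGIN_IP HOSTNAME  (both supplied by you)
    origin_ip, hostname = sys.argv[1], sys.argv[2]
    a, b = probe(origin_ip, sni=hostname), probe(origin_ip, sni=None)
    print("with SNI:", a)
    print("no SNI:  ", b)
    print("result:  ", interpret(a, b))
```

A "handshake-fails-with-sni" or "origin-unreachable" result from a network outside the host is the kind of evidence worth attaching to the support ticket and passing to the hosting provider.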