SSL handshake failed error 525 help please

Hi, I have a website hosted by Network Solutions and an SSL certificate activated by them for the site. However, after moving DNS nameservers to Cloudflare and enabling DNSSEC with Cloudflare, I suddenly get this “Error 525: SSL handshake failed” error. The site was accessible after the transfer and before the DNSSEC enabling, but after the DNSSEC enabling, this error started. I tried searching the community and trying different solutions, but nothing worked. Can someone help out? FYI, in my Cloudflare console, it shows an existing “Universal SSL Certificate”. Is this correct? Is this the SAME as my activated SSL certificate at Network Solutions? Also, using the Verisign DNS analyzer tool, it shows DNSSEC working properly with no warnings or errors.

I suggest you disable DNSSEC again. Make sure it’s disabled at both Cloudflare Dashboard DNS and your domain registrar.

It’s quite possible DNSSEC was misconfigured, and directed your DNS to the wrong server.

Give it a few days to settle in, then reconfigure it from scratch.

Mr. Dayman,

Thank you for your reply.

Sorry, not being a techie, I have another question, which may seem silly to you, but please bear with me.

Initially, after NS (Network Solutions) added the CF (Cloudflare) DS record and I used the Verisign DNSSEC analyzer, it showed many warnings and errors.

After I allowed it 24 hours, the analyzer showed everything to be working, with NO warnings or errors.

I understand NS may still have messed something up, and I emailed them again just now mentioning what you said, but is it possible for the Verisign analyzer to show no errors when NS may have mis-configured something?

I like the CF service, especially while it was working.

Now I’m just confused where the error is at. It “seems” like the problem is with NS, but they keep telling me they don’t see anything wrong on their side; this after a 48-hour wait after they escalated this problem.

Now our site’s been down since Thursday, Sept. 9th.

Just very confused.

Wayne

What’s the domain?

https://www.deltapacificvalve.com

Your server does not have a valid certificate for the ‘www’ subdomain. Without ‘www’, the site works fine.

You’ll either have to work with your host to fix the ‘www’ certificate, or set up a Page Rule here like this:
Match: www.deltapacificvalve.com/*
Setting: Forwarding URL (301): https://deltapacificvalve.com/$1

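The diagnosis in the reply above (a certificate that is valid for the bare domain but not for 'www') can be checked by comparing each hostname against the certificate's subjectAltName entries. This is an added example, not part of the original thread; `example.test` and both sample certificates are constructed, and `probe_origin` assumes you know the origin server's IP address so the handshake bypasses the proxy.

```python
import socket
import ssl


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject overly broad '*.tld'
    return p == h


def covered(cert: dict, hostname: str) -> bool:
    """cert is a dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(san_matches(s, hostname) for s in sans)


def coverage_report(cert: dict, hostnames) -> dict:
    return {h: covered(cert, h) for h in hostnames}


def probe_origin(origin_ip: str, hostname: str, port: int = 443, timeout: float = 5.0):
    """Handshake with the origin directly, sending `hostname` as SNI.

    Returns (True, coverage) on success or (False, reason) on failure.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return True, coverage_report(tls.getpeercert(), [hostname])
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message      # e.g. a hostname mismatch
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)


# Constructed sample certificates (not taken from the site in the thread).
APEX_ONLY = {"subjectAltName": (("DNS", "example.test"),)}
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    names = ["example.test", "www.example.test"]
    print("apex-only cert:", coverage_report(APEX_ONLY, names))
    print("wildcard cert: ", coverage_report(WILDCARD_ONLY, names))
```

The wildcard case shows the mirror image of the thread's problem: `*.example.test` covers `www` but not the bare domain, so a certificate needs both names listed to serve both.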

Thank you very much Mr. Dayman; you are the best!

I added the rule and it fixed the problem immediately.

In the meantime, I’ll tell NS as well, but their fix (if they can do it), will probably take another week to complete.

