SSL Handshake failed Error 525

My domain’s Let’s Encrypt SSL certificate had expired. Therefore, I installed Cloudflare’s Origin Certificate on my website, but I’m unable to resolve this SSL Handshake Failed Error 525 at Host end:

My SSL/TLS encryption mode is Full (strict)
Forced HTTPS is ON in Cloudflare app and disabled at server.
Universal SSL is enabled
TLS certificate signed by Cloudflare is installed on origin server.
Domain is using Cloudflare nameservers

SSL report by Qualys:

Geocerts SSL Checker report:

My webhost support says to wait for 24 hours but it’s been over a week and the problem still persists. Can anyone help figure out what’s wrong?


Hey, do you have a valid certificate on your hosts end? That is, without Cloudflare, is your https certificate valid?

If that cert is properly installed, then Cloudflare will accept it, and not throw a 525 or 526.

You can test your origin certificate with:
curl -vI --connect-to ::

That would be command line on the server itself, or you’d have to put in the server’s actual IP address if you’re testing remotely.

You should see the Cloudflare Origin cert in the response.

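Added example, not part of the original posts and not Cloudflare's code: a Python version of the direct-to-origin check suggested in the reply above, which separates a failed TLS handshake (what a 525 reports) from a certificate that does not validate (what a 526 reports). The names `probe_origin` and `start_non_tls_listener`, the loopback listener and the placeholder arguments are assumptions made for illustration; `cafile` is assumed to point at a downloaded copy of the Cloudflare Origin CA root.

```python
import socket
import ssl
import threading

def probe_origin(ip, hostname, port=443, cafile=None, timeout=5.0):
    """TLS-handshake with the origin at ip, sending hostname as SNI.
    Result "stage": "connect" (no TCP), "handshake" (what a 525 reports),
    "certificate" (what a 526 reports, needs cafile) or "ok".
    """
    if cafile:
        # Trust only this bundle (assumed: the Cloudflare Origin CA root).
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        # No validation: only tests whether the handshake completes.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "connect", "error": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            # getpeercert() is an empty dict when validation is off.
            return {"stage": "ok", "protocol": tls.version(),
                    "cipher": tls.cipher()[0], "cert": tls.getpeercert()}
    except ssl.SSLCertVerificationError as exc:
        return {"stage": "certificate", "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"stage": "handshake", "error": str(exc)}
    finally:
        raw.close()

def start_non_tls_listener():
    """Constructed stand-in for a broken origin: accepts TCP, never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Real use: probe_origin("<origin IP>", "<your domain>", cafile="<CA root PEM>")
    print(probe_origin("127.0.0.1", "example.com", port=start_non_tls_listener()))
```

With `cafile` set, an `"ok"` result carries the validated certificate's `issuer` and `notAfter` fields, so an expired or wrong certificate on the origin shows up directly.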

Thanks for the reply!
Unfortunately, I don’t know where to put command lines or CLI on server.

Is there any other method to do the same?

I’ve a valid Cloudflare Origin CA installed on my server.
But I think you’re asking for some other TLS certificate. I don’t have any additional TLS certificate. So obviously, without Cloudflare my https certificate won’t work.
