SSL handshake failed Error code 525 on Heroku

Website, Application, Performance Security
1

What is the name of the domain?

domain

What is the issue you’re encountering

SSL handshake failed Error code 525 on Heroku

Was the site working with SSL prior to adding it to Cloudflare?

No

What is the current SSL/TLS setting?

Off

What are the steps to reproduce the issue?

Hi, I have configured the Origin Certificates. The Cloudflare certificate seems active on Heroku, but it still results in an SSL handshake failure (525). How can I fix this issue? Any help would be greatly appreciated.

2

What is the domain?

Make sure this is “Full (strict)”.

For now, pause Cloudflare or set the DNS record to “DNS only” so requests go direct to the host. You can then check that the origin certificate is correctly installed. You will get a warning as the Cloudflare origin certificate is only trusted by Cloudflare, not browsers, but at least you will see if the certificate is being used.

4

Hi, SSL is set to Full (strict). After pausing cloudflare/turning off proxy, it says the cloudflare certificate is not valid. Common Name (CN)

Cloudflare Origin Certificate

Organization (O)

Cloudflare, Inc.

Organizational Unit (OU)

Cloudflare Origin CA

Issued By

Common Name (CN)

Organization (O)

Cloudflare, Inc.

Organizational Unit (OU)

Cloudflare Origin SSL Certificate Authority

Validity Period

Issued On

Monday, July 22, 2024 at 1:50:00 AM

Expires On

Tuesday, July 19, 2039 at 1:50:00 AM

SHA-256 Fingerprints

Certificate Signature Algorith
PKCS #1 SHA-256 With RSA Encryption

5

Hi, here are the settings

6

As I mentioned, that is expected. The certificate is only trusted by the proxy, this is just to check that the certificate you expect is being used.

The certificate seems ok, so not sure what the issue is.

7

I’ve just noticed the 525 is on www.linkk.com so you have a redirect. You’ve turned the proxy on, but querying that with the host directly returned an error. I’ll check it again, but make sure your origin is configured to answer for www as well and uses the same certificate.

2 Likes
9

Hi, noted. I will try to create a new origin certificate that includes www.

10

Your origin certificate is ok, it contained *.linkk.com. You need to check that Heroku is configured for www.linkk.com as well as linkk.com.

1 Like
11

Hi sjr, you are right. Adding the ‘www’ domain name on the Heroku side fixed the issue, but the SSL is still not working. Thank you!

12

Sorry please ignore the message above.

Hi sjr, you are right. Adding the ‘www’ domain name on the Heroku side fixed the issue, The SSL is now working. Thank you!

1 Like
13

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.