SSL handshake failed Error code 525: pl8ypus.com

What is the name of the domain?

pl8ypus.com

What is the error number?

525

What is the error message?

SSL handshake failed Error

What is the issue you’re encountering

The site won't load

What steps have you taken to resolve the issue?

  1. Checked SSL certificate - Pass
  2. Checked DNS Propagation - Pass
  3. Checked CMD…
    C:\Windows\System32>curl -svo /dev/null https://pl8ypus.com

I have asked Ionos to close port 443 - Is there anything else I can do from my end?

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

Go to the website

Port 443 needs to be open for Cloudflare to connect to your origin securely, so that’s likely your problem.

You can temporarily set your DNS record to “DNS only” so requests bypass Cloudflare, check that your origin server is working correctly using HTTPS, then you can re-enable Cloudflare.


Thanks for the swift reply. I got the steps I went through on this forum. I phoned Ionos twice yesterday and they assured me port 443 was not open, but then again it was secondary support. If anyone else with the same problem is reading this - you have to instruct 1st line support with the CMD command, they will pass it on to 2nd line support because they (in Ionos's case) aren't allowed to use it.

I will keep you all updated.

Is there anything else I may have missed?

    C:\Windows\System32>curl -svo /dev/null https://pl8ypus.com
    * Host pl8ypus.com:443 was resolved.
    * IPv6: (none)
    * IPv4: 104.21.53.149, 172.67.214.72
    *   Trying 104.21.53.149:443...
    * schannel: disabled automatic use of client certificate
    * ALPN: curl offers http/1.1
    * ALPN: server accepted http/1.1
    * Connected to pl8ypus.com (104.21.53.149) port 443
    * using HTTP/1.x
    > GET / HTTP/1.1
    > Host: pl8ypus.com
    > User-Agent: curl/8.10.1
    > Accept: */*
    * Request completely sent off
    * schannel: remote party requests renegotiation
    * schannel: renegotiating SSL/TLS connection
    * schannel: SSL/TLS connection renegotiated
    * schannel: failed to decrypt data, need more data

As above, port 443 needs to be open so Cloudflare can make an HTTPS connection to your origin. Why are you asking Ionos to block it?


Shoot, I may have screwed that one up then. I will phone them to let them know to leave it open, I misinterpreted the troubleshooting:

Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs.

  • Port 443 (or other custom secure port) is not open

Hmmm, if that is not the problem what other steps could you think of?

Without Cloudflare, or with Unproxied (:grey:) / DNS-only records: Visitor ↔ Web server
With Proxied (:orange:) records: Visitor ↔ Cloudflare ↔ Web server

So, by having Proxied (:orange:) records, you also have two different connections to secure. Cloudflare will take care of the first (Visitor ↔ Cloudflare) with the Edge Certificate from Universal SSL, and the certificate on your server (alternatively, your hosting provider) will take care of the latter (Cloudflare ↔ Web server)

Receiving 526 Invalid SSL certificate means that the stuff that you have behind Cloudflare isn’t configured safely enough.

The IONOS server may be presenting Cloudflare with an invalid certificate.

You can eventually try switching your DNS record(s) to Unproxied (:grey:) / DNS-only, wait 10-15 minutes, and see if you can access your website then.

If you can’t (and you don’t see the 526 Invalid SSL certificate any more), then there will, according to the explanation above, be something you need to fix on the IONOS server.
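An added example, not part of any post in this thread: the curl run earlier went through the proxied record, so it exercised only the Visitor ↔ Cloudflare connection. This Python sketch tests the other one by connecting straight to the origin's IP address with the site's hostname as SNI, which also works without switching the record to DNS-only. The origin IP is something you get from your host, and the function names and result labels are this example's own.

```python
import socket
import ssl
import sys

# What each result says about the Cloudflare <-> origin leg described above.
MEANING = {
    "tcp_failed": "port not reachable on the origin (closed or filtered)",
    "handshake_failed": "origin accepted TCP but did not complete TLS (525-style)",
    "cert_invalid": "TLS works, certificate fails validation (526-style)",
    "ok": "origin completes TLS with a certificate this machine trusts",
}

def handshake(origin_ip, hostname, port, timeout, verify):
    """One TLS handshake straight to origin_ip, sending hostname as SNI."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.version()

def probe_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Return (stage, detail); stage is a key of MEANING."""
    try:
        socket.create_connection((origin_ip, port), timeout=timeout).close()
    except OSError as exc:
        return "tcp_failed", str(exc)
    try:
        # Pass 1: no validation, so only a broken handshake can fail here.
        version = handshake(origin_ip, hostname, port, timeout, verify=False)
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return "handshake_failed", str(exc)
    try:
        # Pass 2: full chain and hostname validation against the local trust
        # store. A Cloudflare Origin CA certificate fails here by design,
        # because only Cloudflare trusts that CA.
        handshake(origin_ip, hostname, port, timeout, verify=True)
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except OSError as exc:
        return "handshake_failed", str(exc)
    return "ok", version

if __name__ == "__main__":
    # Usage: python probe_origin.py <origin-ip> <hostname>
    stage, detail = probe_origin(sys.argv[1], sys.argv[2])
    print(f"{stage}: {MEANING[stage]} ({detail})")
```

A `tcp_failed` or `handshake_failed` result points at the origin server or its firewall rather than at Cloudflare, which is the detail to hand to the hosting provider's support.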

I am suspecting it is to do with Ionos making it very difficult. I will try the steps and keep you updated.
