I have a website loaded with the cloudflare certs. Everything looks good to me and there are many users on the site at any given time. The site passes the cloudflare diagnostic. My writer is on the other side of the world and she always gets a 525 no matter what browser she is using. I am having problems trying to narrow down the issue. Could it be a windows os issue with tls?
Error 525: SSL handshake failed
525 errors indicate that the SSL handshake between Cloudflare and the origin web server failed. Error 525 occurs when these two conditions are true:
- The SSL handshake fails between Cloudflare and the origin web server, and
Full or Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Contact your hosting provider to exclude the following common causes at your origin web server:
- No valid SSL certificate installed
- Port 443 (or other custom secure port) is not open
- No SNI support
- The cipher suites accepted by Cloudflare does not match the cipher suites supported by the origin web server
If 525 errors occur intermittently, review the origin web server error logs to determine the cause. Configure Apache to log mod_ssl errors. Also, nginx includes SSL errors in its standard error log, but may possibly require an increased log level.
- Check if you have a certificate installed on your origin server. You can check this article for more details on how to run some tests. In case you don’t have any certificate, you can create and install our free Cloudflare origin CA certificate. Using Origin CA certificates allows you to encrypt traffic between Cloudflare and your origin web server.
Review the cipher suites your server is using to ensure they match what is supported by Cloudflare.
- Check your server’s error logs from the timestamps you see 525s to ensure there are errors that could be causing the connection to be reset during the SSL handshake.
I use a vps. Every person i have talked to can access my site fine, so somehow I don’t think its specifically a config issue. Im looking for ideas on what it could be on the client end.
Hi, please provide the main domain, thanks.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.