Universal SSL certificate matches wrong IP (Error 525)


I created a new site on Cloudflare awayforlong .com
Cloudflare automatically created the DNS fields but the A field had the wrong IP.
The universal SSL created automatically is wrong as well, as it uses this wrong IP.
I created a new vhost from my origin server and thus got a new IP.
I changed the DNS A and AAAA fields to reflect the change by matching this new IP there.
The URL http://awayforlong.com works fine but the awayforlong .com gets a 525 error SSL handshake failed.
When I check the SSL certificate there SSL Server Test: awayforlong.com (Powered by Qualys SSL Labs) it confirms that the SSL certificate has the wrong IP.

How can I revoke and renew my SSL certificate to reflect the change ?
I tried in the setting under the SSL/TLS tab to deactivate the SSL certificate then wait half an hour and activate again the universal SSL certificate but it changed nothing.

Can anyone help me ?
Thanks for reading and helping,


525 means that the certificate on your origin is invalid, it’s unrelated to Universal SSL which is an edge certificate.

Set up an Origin CA certificate & set it up on your server. https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

Hi @KianNH, thanks for your help,
I am trying to create and install this Origin CA certificate but unfortunately I don’t understand much of what is written there https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
I did create this origin server certificate there dash.cloudflare.com > awayforlong.com > ssl-tls > origin > create a certificate.
I have a perm key file now.
I don’t understand the rest of this tutorial. It’s just like Chinese to me.

This tutorial says :

Upload the Origin CA certificate (created in Step 1) to your origin web server.

Should I upload this perm file on my server using an ftp client at the root level ? There :

Then should I restart my server? On my webhosting panel I have a button “restart”. It will restart the server where I have 3 vhosts and among them awayforlong.com. It costs me 10$ every time I press this button.

What do you think ?

It seems I solved this issue removing my site awayforlong in Cloudflare and recreate it.

1/ I removed my site awayforlong on Cloudflare
2/ I recreated my site awayforlong on Cloudflare. Suddenly I had access to greyed out things on my hosting provider panel. This for instance: “You can install an SSL certificate manually by uploading it”
3/ I did “install an SSL Certificate by uploading it”. I copied and pasted the SSL certificate and key provided by Cloudflare when I created a new certificate there: dash.cloudflare.com/awayforlong.com/ssl-tls/origin
4/ And BINGO! It works fine now.
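
An added example, not part of the thread: since the 525 above is a failed SSL handshake with the origin, one way to check the origin after installing a certificate is to handshake with its IP directly, sending the site name as SNI. `probe_origin_tls` and `start_plaintext_listener` are hypothetical names, and the loopback listener is a constructed stand-in for an origin that does not speak TLS on the port.

```python
import hashlib
import socket
import ssl
import threading


def probe_origin_tls(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake directly with the origin, sending the site name as SNI."""
    result = {"stage": "tcp", "ok": False, "detail": None}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off on purpose: an Origin CA certificate is not issued
    # by a publicly trusted CA, and this probe only asks whether a handshake completes.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((origin_ip, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    result["stage"] = "tls"
    try:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
            # The fingerprint can be compared with the certificate that was uploaded.
            result.update(ok=True, stage="done", detail=tls.version(),
                          cert_sha256=hashlib.sha256(der).hexdigest())
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        result["detail"] = f"TLS handshake failed: {exc}"
        raw.close()
    return result


def start_plaintext_listener():
    """Constructed stand-in for an origin that answers without TLS; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_listener()
    print(probe_origin_tls("127.0.0.1", "awayforlong.com", port=port))
```

Against a real origin, pass the server's own IP rather than the hostname so the request does not go through the proxy; a result that stops at stage `tls` is the condition that surfaces as 525.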
