Universal SSL certificate matches wrong IP (Error 525)

Hello,

I created a new site on Cloudflare, awayforlong.com.
Cloudflare automatically created the DNS fields but the A field had the wrong IP.
The universal SSL created automatically is wrong as well, as it uses this wrong IP.
I created a new vhost from my origin server and thus got a new IP.
I changed the DNS A and AAAA fields to reflect the change by matching this new IP there.
The URL http://awayforlong.com works fine but the awayforlong.com gets a 525 error SSL handshake failed.
When I check the SSL certificate there SSL Server Test: awayforlong.com (Powered by Qualys SSL Labs) it confirms that the SSL certificate has the wrong IP.

How can I revoke and renew my SSL certificate to reflect the change?
I tried in the settings under the SSL/TLS tab to deactivate the SSL certificate, then wait half an hour and activate the universal SSL certificate again, but it changed nothing.

Can anyone help me?
Thanks for reading and helping,

François

525 means that the certificate on your origin is invalid, it’s unrelated to Universal SSL which is an edge certificate.

Set up an Origin CA certificate & set it up on your server. https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
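
An added example (not from the thread or from Cloudflare's documentation): a Python check that connects straight to the origin IP, sends the site's hostname as SNI, and reports whether the TLS handshake completes, plus the SHA-256 fingerprint of whatever certificate the origin presents so it can be compared with the one that was installed. The function name `probe_origin_tls` and the placeholder IP are assumptions.

```python
import hashlib
import socket
import ssl
import sys


def probe_origin_tls(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly (no proxy in between) and classify the result."""
    # Verification is switched off on purpose: this is a diagnostic that must
    # show what the origin presents, including self-signed or Origin CA
    # certificates that public trust stores do not know. Do not reuse this
    # context for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    try:
        raw = socket.create_connection((origin_ip, port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening on the TLS port, or a firewall drops the connection.
        return {"status": "tcp_failed", "detail": str(exc)}

    try:
        # server_hostname sets SNI, so a multi-vhost origin picks the right site.
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
            return {
                "status": "handshake_ok",
                "protocol": tls.version(),
                "cert_sha256": hashlib.sha256(der).hexdigest(),
            }
    except (ssl.SSLError, OSError) as exc:
        # The port answers but TLS cannot be negotiated: no certificate bound
        # to the vhost, plain HTTP on the port, or no shared protocol/cipher.
        raw.close()
        return {"status": "handshake_failed", "detail": str(exc)}


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder, not the real origin address.
    ip = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    host = sys.argv[2] if len(sys.argv) > 2 else "awayforlong.com"
    print(probe_origin_tls(ip, host))
```

A `handshake_failed` result against the origin IP points at the origin's own TLS setup rather than at the edge certificate.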

Hi @KianNH, thanks for your help,
I am trying to create and install these Origin CA certificates but unfortunately I don’t understand much of what is written there https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
I did create this origin server certificate there dash.cloudflare.com > awayforlong.com > ssl-tls > origin > create a certificate.
I have a perm key file now.
I don’t understand the rest of this tutorial. It’s just like Chinese to me.

This tutorial says:

Upload the Origin CA certificate (created in Step 1) to your origin web server.

Should I upload this perm file on my server using an FTP client at the root level? There:
/lamp0/web/vhosts/awayforlong.com/htdocs

Then should I restart my server? On my web hosting panel I have a button “restart”. It will restart the server where I have 3 vhosts and among them awayforlong.com. It costs me 10$ every time I press this button.

What do you think?

It seems I solved this issue by removing my site awayforlong in Cloudflare and recreating it.

1/ I removed my site awayforlong on Cloudflare
2/ I recreated my site awayforlong on Cloudflare. Suddenly I had access to greyed out things on my hosting provider panel. This for instance: “You can install an SSL certificate manually by uploading it”
3/ I did “install an SSL Certificate by uploading it”. I copied and pasted the SSL certificate and key provided by Cloudflare when I created a new certificate there: dash.cloudflare.com/awayforlong.com/ssl-tls/origin
4/ And BINGO! It works fine now.
