Unusual 525 error with website

dash-dns
bug
dash-crypto
#1

Hello there,

Recently I have been having issues with my website, wherein if I browse to the main website, I get a 525 error; however if I browse to one of the subdomains on the same machine, with the same certificate, I get access without interruption. Furthermore, if I browse the site without the orange cloud enabled on a subdomain which points to the same files, I can get through. Confusing, I know.

I was wondering if anybody out there has experienced this sort of thing before and knows how to fix it.

The subdomain in question: https://panel.kyrahosting.co.uk
What the main website should look like: http://webmachine.kyrahosting.co.uk.
Obviously the main website’s domain is of the www. subdomain (New account limits dictate that I can only post 2 links.)

Many thanks,
Benjamin Andrews.

#2

A 525 would indicate the certificate for that host on your server is not properly configured or entirely invalid.

#3

The certificate is one generated by Cloudflare itself upon purchasing a Dedicated Certificate. I have followed these guidelines/tips as much as I can. It should be noted that the certificate is installed on the machine itself and is working correctly for the other subdomains.

Unfortunately, due to restrictions with the panels that I use, I cannot switch to the Flexible SSL setting on Cloudflare, leaving me with this issue.

If you have any other ideas, I am open to suggestions.

#4

So… Somehow I fixed it… I’m really confused, anyway - Thanks!

#6

I am having this issue at the moment, starting about 24 hours ago… out of nowhere, same SSL configuration that has been working for Cloudflare for months.

How did you fix yours?

My nginx error log:
SSL: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve

My nginx config:
##########
# SSL
##########
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping TLSv1, SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;

#Cloudflare TLS Authenticated Origin Pulls
ssl_client_certificate /etc/nginx/cloudflare.pem;
ssl_verify_client on;

#7

I didn’t get this error, and I was using Apache for this, so unfortunately I couldn’t tell you - However I think I fixed it with a bit of fiddling with my DNS records.

closed #8

This topic was automatically closed after 30 days. New replies are no longer allowed.