Using an origin certificate on my web server but still getting 521

Hello everyone. I am using Cloudflare to SSL protect my main website.

Recently I have been renting another web server and I want to use the same domain name. So here is my setup

  • In the DNS page of the same domain name, I add a Type A - DNS to map ‘abc.api’ to my web server IP address.

  • Then I set up a basic Nginx server and confirm that I can connect to ‘abc.api.{mydomain}’ via HTTP.

  • Then I go to SSL/TLS → origin certificate, and generate an origin certificate with the host listing ‘*.{mydomain}’ and specifically ‘abc.api.{mydomain}’.

  • I follow the official documentation and add the cert/key to the web server Nginx configuration.

  • Finally, I set the SSL to Full (strict).

Now here is the issue.

When I tried to visit ‘abc.api.{mydomain}’, I just got an Error code 521.

I tried every troubleshooting technique including

  • whitelisting all Cloudflare IPs using iptables
  • sudo ufw allow HTTPS traffic
  • use a bundle cert that combines CA cert and server cert
  • toggle on and off the proxy setting on the DNS setting page

But the same error persists.

I wonder if there are still things I need to set on the DNS page (like perhaps I also need to add ‘abc.api.{mydomain}’ to the universal certificate)? Thank you very much.

Should be already covered with a wildcard * (apex) hostname in Universal SSL.

May I ask if this is a vhost file for a specific sub-domain or default nginx?

You might be missing ssl_protocols and ssl_ciphers, and server_name should be the domain/sub-domain.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
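
An Nginx vhost of the kind the reply describes, given as an added example that is not from the thread or from Cloudflare's documentation. Error 521 means Cloudflare could not open a connection to the origin, and in Full (strict) mode it connects over HTTPS on port 443, so a vhost that only answers on port 80 is not enough. The hostname example.com, the file paths and the document root are placeholders.

```nginx
# Added example. abc.api.example.com stands in for abc.api.{mydomain};
# certificate paths and the document root are hypothetical.

# HTTP-only block: enough for the plain-HTTP test in the question,
# but Cloudflare in Full (strict) mode never uses it.
server {
    listen 80;
    listen [::]:80;
    server_name abc.api.example.com;
    root /var/www/abc-api;
}

# HTTPS block: what Cloudflare connects to in Full (strict) mode.
server {
    # Without "ssl" on the listen line Nginx speaks plain HTTP on 443
    # and the TLS handshake from Cloudflare fails.
    listen 443 ssl;
    listen [::]:443 ssl;

    # Must be the sub-domain itself, not "_" or the apex only,
    # unless this is the default server for port 443.
    server_name abc.api.example.com;

    # Origin certificate and private key generated under
    # SSL/TLS -> Origin Server. The certificate's host list must
    # cover this server_name.
    ssl_certificate     /etc/ssl/cloudflare/origin.pem;
    ssl_certificate_key /etc/ssl/cloudflare/origin.key;

    # The two directives named in the reply.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    root /var/www/abc-api;
}

# After editing: "nginx -t" validates the file, then reload Nginx.
# Confirm the server is listening on 443 and that the firewall rules
# allow inbound 443, not only 80, from Cloudflare's ranges.
```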