Web server is down (error code 521)

Hello friends!

I have a domain name on namecheap, a wordpress on AWS and everything is working.
I add Cloudflare and my server is down (error 521).

What should I do?

here is the troubleshooting from Cloudflare error 521:

[Contact your site administrator or hosting provider](https://developers.cloudflare.com/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors/#h_cf28c038-16c1-4841-a85f-f905240aaebe) to eliminate these common causes:

* Ensure your origin web server is responsive
* Review origin web server error logs to identify web server application crashes or outages.
* Confirm [ Cloudflare IP addressesOpen external link](https://www.cloudflare.com/ips) are not blocked or rate limited
* Allow all [ Cloudflare IP rangesOpen external link](https://www.cloudflare.com/ips) in your origin web server’s firewall or other security software
* Confirm that — if you have your **SSL/TLS mode** set to **Full** or **Full (Strict**) — you have installed a [Cloudflare Origin Certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca)
* Find additional troubleshooting information on the [ Cloudflare CommunityOpen external link](https://community.cloudflare.com/t/community-tip-fixing-error-521-web-server-is-down/42461).

With the IP adress the website work.
it is set to SSL full and SSL/TLS on
I use AWS and have other web site using Cloudflare, so I beleive the web site doesnt block Cloudflare ip ?

Thank you for your time and effort!

Hi @simon47,

What is the site you have? Are you able to share the domain/URL?

Thank you.

When I change the SSL/TLS to flexible it change the error for this:

2023 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

So I probably need to configure the origin server to allow port 443 be accessed by Cloudflare IPs.
How do I do that on a lightsail AWS server please?

You shouldn’t change to Flexible in the first place, as that’s an insecure legacy mode that drops your site’s security. Only Full Strict provides proper encryption.

But yes, a 521 means your server is not accessible. Make sure the addresses from IP Ranges are not blocked.

Hi sandro, thanks. Yes, I will keep it in full strict.

Any idea how to make sure the IP Ranges are not blocked on AWS lightsail wordpress?

Are you sure it’s working at all?

Can you pause Cloudflare?

I cannot see my website.

I just pause it.

Well, SSL is configured but with an invalid certificate. You first need to fix the certificate.

You appear to have disabled your security again and have an insecure site again.

Hi, yes im using SSL full at the moment. I created the ssl certificate. But it is a .txt.

Im missing something.

As mentioned Full is insecure, switch that to Full Strict.

As for the certificate, you need to configure that on your server. Best to pause Cloudflare until your site loads fine on HTTPS, otherwise it’s hard to verify it.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.