Web server is down (error code 521)

simon47 · May 10, 2023, 8:54pm

Hello friends!

I have a domain name on namecheap, a wordpress on AWS and everything is working.
I add Cloudflare and my server is down (error 521).

What should I do?

here is the troubleshooting from Cloudflare error 521:

[Contact your site administrator or hosting provider](https://developers.cloudflare.com/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors/#h_cf28c038-16c1-4841-a85f-f905240aaebe) to eliminate these common causes:

* Ensure your origin web server is responsive
* Review origin web server error logs to identify web server application crashes or outages.
* Confirm [ Cloudflare IP addressesOpen external link](https://www.cloudflare.com/ips) are not blocked or rate limited
* Allow all [ Cloudflare IP rangesOpen external link](https://www.cloudflare.com/ips) in your origin web server’s firewall or other security software
* Confirm that — if you have your **SSL/TLS mode** set to **Full** or **Full (Strict**) — you have installed a [Cloudflare Origin Certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca)
* Find additional troubleshooting information on the [ Cloudflare CommunityOpen external link](https://community.cloudflare.com/t/community-tip-fixing-error-521-web-server-is-down/42461).

With the IP adress the website work.
it is set to SSL full and SSL/TLS on
I use AWS and have other web site using Cloudflare, so I beleive the web site doesnt block Cloudflare ip ?

Thank you for your time and effort!

oshariff · May 11, 2023, 2:46am

Hi @simon47,

What is the site you have? Are you able to share the domain/URL?

Thank you.

simon47 · May 11, 2023, 12:41pm

When I change the SSL/TLS to flexible it change the error for this:

2023 Copyright. All Rights Reserved.

The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers.

So I probably need to configure the origin server to allow port 443 be accessed by Cloudflare IPs.
How do I do that on a lightsail AWS server please?

sandro · May 11, 2023, 12:42pm

You shouldn’t change to Flexible in the first place, as that’s an insecure legacy mode that drops your site’s security. Only Full Strict provides proper encryption.

But yes, a 521 means your server is not accessible. Make sure the addresses from IP Ranges are not blocked.

simon47 · May 11, 2023, 12:57pm

Hi sandro, thanks. Yes, I will keep it in full strict.

Any idea how to make sure the IP Ranges are not blocked on AWS lightsail wordpress?

sandro · May 11, 2023, 12:59pm

Are you sure it’s working at all?

Can you pause Cloudflare?

simon47 · May 11, 2023, 1:04pm

I cannot see my website.

I just pause it.

sandro · May 11, 2023, 1:05pm

Well, SSL is configured but with an invalid certificate. You first need to fix the certificate.

sandro · May 11, 2023, 2:00pm

You appear to have disabled your security again and have an insecure site again.

simon47 · May 11, 2023, 2:18pm

Hi, yes im using SSL full at the moment. I created the ssl certificate. But it is a .txt.

Im missing something.

sandro · May 11, 2023, 2:21pm

As mentioned Full is insecure, switch that to Full Strict.

As for the certificate, you need to configure that on your server. Best to pause Cloudflare until your site loads fine on HTTPS, otherwise it’s hard to verify it.

system · May 14, 2023, 2:22pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.