When trying to setup Cloudflare DNS for SSL for my DigitalOcean Ubuntu server, I received a "Error 521" and started troubleshooting.
I found this article: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
And followed the steps until saving. Since there was no change, when I tested https://MyDomain.com, I didn't bother saving the iptable entries.
Is there something I'm missing here??
MDS nailed it in the comment section, essentially when your are getting a 521 error on SSL requests, but non-SSL requests work fine; it usually indicates one of two things:
This behaviour can occur in Full and Full (Strict) mode, but not Flexible as the connection will be in plain-text HTTP.
If your web server is not configured to receive SSL connections, you will need to add this configuration before using Full or Full (Strict), however if it is configured you will instead need to whitelist port 443 on your server.
In IP Tables it is possible to open up port 443 as follows:
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
The next step would be to whitelist CloudFlare's IPs, there is a guide on how to whitelist CloudFlare IPs in IPTables.
Which Cloudflare SSL method are you using? For example: Flexible, Full, Full Strict.
Whatever you recommend: I need to process credit cards on a donation form. I have it set to "Full" currently.
If you are using Full, you need to setup a SSL certificate on your server. Make sure port 443 is open by running the command:
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPTBoom! done. Thanks again @MDS