Related

cpu from 13% to 100% in one minute Question Question
Why are snapshots so slow Question Question

Question

HTTPS Error 521, Universal SSL Cloudflare

Posted March 7, 2016 8.7k views
ApacheGetting StartedSecurityDigitalOceanConfiguration Management

I have free Universal SSL with CloudFlare. I wanted to set up a permanent SSL redirect on my website.
I change A-name to IP my droplet on digitalocean and when i try to use https-protocol i get error: 521 (ssl handshake filed) and loop

I think, that is necessary to change standart settings in configuration apache2, but what to change and where?

Previously, I used shared hosting by godaddy and never encountered this problem. Please help me!

Add a comment
KerchTorres
By:
KerchTorres
Add a comment
2 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
6 answers
misterbradshaw June 10, 2016

@KerchTorres, how did you solve the issue?

Reply Report
KaMilml October 1, 2016

i have the same issue, please tell us how you solved this :(

Reply Report
jlallemann October 17, 2016

I have the same issue as well. I have 2 servers with DO. With two sites on each that all have CloudFlare DNS/SSL. Today I updated one of the server, and both domains on this one started to get 525 ssl handshake failed. The two domains on the other “non-updated” server still worked fine.
Can’t fix it. I had to deactivate SSL for now. Any help welcome.

Reply Report
ikab October 26, 2016

I had the same issue, I noticed that my SSL was on “Full”, but my server doesn’t support SSL, so I changed it to Flexible (e.g. USER <SSL> CF <PLAIN> SERVER)

If you require FULL SSL, you should make sure that your SSL works even without CF through https://www.ssllabs.com/ssltest/

Reply Report
vlknu21 February 15, 2018

problem solved! Change SSL = full to Flexible

Reply Report
jipeus May 24, 2020

Just adding a new answer here: when you by pass the https request on the node balancer, add the origin certificate to the load balancer, and make sure it’s selected. That way, you can still use strict CF connections.

Hope this helps.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help