Question
SSL 521 error: Cloudflare a-record pointing to DigitalOcean droplet
- Posted August 24, 2020
- DigitalOcean
I have read many posts about this issue but I am still having issue.
Client is using Cloudflare, Full SSL for their website. I have a ubuntu digitalocean droplet with a web-app that needs SSL. I have created the a-record WEBAPP in Cloudflare pointing to the IP of my digitalocean droplet. So, webapp.mydomain.com should answer at digitalocean with HTTPS. Note: http works fine.
I have confirmed firewall is accepted https and 443 is open.
I read documentation about adding a cert to the droplet but Let Encrypt says I need nameservers pointing to DigitalOcean. **Is this a requirement? I would prefer to not have to move the nameservers since the only thing on digitalocean is this one app.
What I am missing here? Thanks!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi,
Did you try to diagnose the problem with https://letsdebug.net/ ? Can you give us a test result from there, please ?
This comment has been deleted
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Background A 521 error happens when we are unable to make a TCP connection to your origin server. Specifically, Cloudflare tried to connect to your origin server on port 80 or 443, but received a connection refused error. For starters, your server is not configured for HTTPS.