colinlongworth

HTTP 525 with Cloudflare & Hetzner

I'm getting a bizarre error with Cloudflare and Hetzner. A couple of weeks ago, I set up a server using Forge in the US using Custom Hostnames (e.g. www.my-app.com) and an Origin Certificate (e.g. usa.app.com). I installed the cert, added a CNAME and it worked perfectly.

Fast forward to yesterday: I set up a server in the EU and added the cert and CNAME, but I cannot connect to it via the custom hostname, e.g. www.my-eu-app.com, although I can connect to it via the origin certificate, e.g. eu.app.com.

In the EU instance, it would appear that the connection between Cloudflare and the server is failing. There are no access or error logs in the EU server when I use the custom hostname, so it would appear the connection is not even reaching it.

The nginx settings and steps I went through are identical, as far as I can tell. I've followed every thread I can find, including changing the SSL mode from Full to Strict, etc., on Cloudflare, but I cannot solve this.

Any ideas?

LaryAI (Level 58)

The HTTP 525 error indicates that Cloudflare is unable to establish a secure connection to your origin server. This typically means there's an issue with the SSL/TLS configuration between Cloudflare and your server. Here are some steps you can take to troubleshoot and resolve this issue:

  1. Verify SSL Certificate on the Origin Server:

    • Ensure that the SSL certificate installed on your EU server is valid and not expired. You can use tools like openssl to check the certificate details:
      # Open a TLS connection to the origin with SNI set to eu.app.com and print
      # the certificate chain, the negotiated protocol and the verify result
      openssl s_client -connect eu.app.com:443 -servername eu.app.com </dev/null
      # Print only the subject and the validity dates of the served certificate
      openssl s_client -connect eu.app.com:443 -servername eu.app.com </dev/null 2>/dev/null | openssl x509 -noout -subject -dates
    • Look for any issues in the certificate chain or expiration dates.
  2. Check Cloudflare SSL/TLS Settings:

    • Make sure that the SSL/TLS setting in Cloudflare is set to "Full (strict)" if you have a valid certificate on your origin server. This ensures that Cloudflare verifies the certificate.
    • If you are using Cloudflare's Origin CA certificate, ensure that the server is configured to trust Cloudflare's CA.
  3. Verify Nginx Configuration:

    • Double-check your Nginx configuration to ensure that it is set up to serve the correct certificate for the domain. The server block should look something like this:
      server {
          listen 443 ssl;
          server_name eu.app.com;   # hostname this block answers for (must match the SNI name presented)

          ssl_certificate     /path/to/certificate.crt;   # certificate (with chain) for that hostname
          ssl_certificate_key /path/to/private.key;

          # Other configurations...
      }
    • Ensure that the server_name directive matches the domain you are trying to access.
  4. Firewall and Network Configuration:

    • Ensure that there are no firewall rules blocking traffic from Cloudflare's IP ranges. You can find Cloudflare's IP ranges here.
    • Verify that your server is listening on port 443 and that there are no network issues preventing Cloudflare from reaching your server.
  5. Check for Server Logs:

    • Although you mentioned there are no logs, double-check the Nginx error logs for any potential issues that might not be immediately obvious.
  6. Test Direct Connection:

    • Try accessing the server directly using its IP address and the origin certificate to ensure that the server is correctly configured and accessible.

If after these steps the issue persists, consider reaching out to Cloudflare support with detailed logs and configuration files for further assistance. They might be able to provide more specific insights based on their logs and diagnostics.
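A 525 is a failed TLS handshake between Cloudflare and the origin, so step 3 above comes down to one question: for the SNI name Cloudflare presents, which nginx server block (and therefore which certificate) actually answers? The script below is an added illustration for this thread, not code from the original post or from Forge, Cloudflare or nginx. It applies nginx's documented server_name selection order (exact name, longest wildcard beginning with `*`, longest wildcard ending with `*`, first matching regex name, otherwise the default server for that port) to a configuration file and reports, for each candidate hostname, whether a named block serves it or only the fallback default does. The nginx configuration and certificate paths in it are constructed; the hostnames eu.app.com and www.my-eu-app.com are the ones from the question.

```python
"""Which nginx server block (and certificate) answers a given SNI name?

Added example, not from the thread. Assumes one listen directive per server
block and ignores the '.example.com' shorthand and hash-bucket details.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ServerBlock:
    names: List[str] = field(default_factory=list)
    listen: str = ""
    certificate: Optional[str] = None
    default: bool = False

    def port(self) -> str:
        # "443 ssl", "[::]:443 ssl", "0.0.0.0:443" -> "443"
        first = self.listen.split()[0] if self.listen else ""
        return first.rsplit(":", 1)[-1]


# One simple directive per line: "key value;" (stops at braces, so "location / {" is skipped)
DIRECTIVE_RE = re.compile(r"^\s*(\S+)\s+([^;{}\n]+);", re.M)


def server_bodies(text: str) -> List[str]:
    """Return the body of every 'server { ... }' block, counting nested braces."""
    bodies = []
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        bodies.append(text[m.end():i - 1])
    return bodies


def parse_nginx(text: str) -> List[ServerBlock]:
    """Extract server_name, listen and ssl_certificate from each server block."""
    blocks = []
    for body in server_bodies(text):
        b = ServerBlock()
        for d in DIRECTIVE_RE.finditer(body):
            key, value = d.group(1), d.group(2).strip()
            if key == "server_name":
                b.names.extend(value.split())
            elif key == "listen":
                b.listen = value
                b.default = "default_server" in value.split()
            elif key == "ssl_certificate":
                b.certificate = value
        blocks.append(b)
    return blocks


def select_block(blocks: List[ServerBlock], sni: str, port: str = "443") -> Tuple[Optional[ServerBlock], str]:
    """Apply nginx's server_name selection order for one listen port."""
    host = sni.lower().rstrip(".")
    cands = [b for b in blocks if b.port() == port]
    if not cands:
        return None, "no server block listens on port %s" % port
    for b in cands:                      # 1. exact name
        if host in [n.lower() for n in b.names]:
            return b, "exact"
    best = None                          # 2. longest leading wildcard (*.app.com does not match app.com)
    for b in cands:
        for n in b.names:
            if n.startswith("*.") and host.endswith(n[1:].lower()):
                if best is None or len(n) > len(best[1]):
                    best = (b, n)
    if best is None:                     # 3. longest trailing wildcard (mail.*)
        for b in cands:
            for n in b.names:
                if n.endswith(".*") and host.startswith(n[:-1].lower()):
                    if best is None or len(n) > len(best[1]):
                        best = (b, n)
    if best:
        return best[0], "wildcard " + best[1]
    for b in cands:                      # 4. first regex name in config order ('~' / '~*')
        for n in b.names:
            if n.startswith("~"):
                flags = re.I if n.startswith("~*") else 0
                pattern = n[2:] if n.startswith("~*") else n[1:]
                if re.search(pattern, host, flags):
                    return b, "regex " + n
    for b in cands:                      # 5. default server: explicit, else first block on the port
        if b.default:
            return b, "default_server (fallback)"
    return cands[0], "first server on port (implicit default, fallback)"


def diagnose(config_text: str, sni_names: List[str]) -> Dict[str, dict]:
    """For each SNI name: which block answers, by which rule, with which certificate."""
    blocks = parse_nginx(config_text)
    report = {}
    for sni in sni_names:
        block, rule = select_block(blocks, sni)
        report[sni] = {
            "rule": rule,
            "server_name": list(block.names) if block else [],
            "certificate": block.certificate if block else None,
            "fallback": "fallback" in rule,  # True: no server_name covers this hostname
        }
    return report


# Constructed config: blocks for eu.app.com and *.app.com, nothing naming www.my-eu-app.com
SAMPLE_CONFIG = """
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name eu.app.com;
    ssl_certificate     /etc/nginx/ssl/eu.app.com.crt;
    ssl_certificate_key /etc/nginx/ssl/eu.app.com.key;
    location / {
        proxy_pass http://127.0.0.1:8000;
    }
}
server {
    listen 443 ssl;
    server_name *.app.com;
    ssl_certificate     /etc/nginx/ssl/wildcard.app.com.crt;
    ssl_certificate_key /etc/nginx/ssl/wildcard.app.com.key;
}
"""

if __name__ == "__main__":
    for sni, info in diagnose(SAMPLE_CONFIG, ["eu.app.com", "api.app.com", "www.my-eu-app.com"]).items():
        flag = "  <-- served only by fallback; check server_name and certificate" if info["fallback"] else ""
        print(f"{sni:20} {info['rule']:48} cert={info['certificate']}{flag}")
```

Run against the real configuration (`nginx -T` prints the merged config) with the origin hostname and each custom hostname as inputs; a hostname that lands on the fallback is answered with whatever certificate the default block happens to carry, which is exactly the mismatch step 3 asks you to rule out.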

colinlongworth

For the context of the thread, I've tried all this and it did not solve the issue.
