Error 525: SSL handshake failed

A 525 error indicates that the SSL handshake between Cloudflare and the origin server failed. A 525 error will only occur if the domain is using Full or Full (Strict) SSL mode.

If you are a site visitor, reach out to the owner of the site to inform them of the problem you are seeing. Cloudflare's Support team cannot assist you, as we are only able to work with the verified owner of the domain.

If you are the site owner, please review the steps below to resolve this issue.

How to troubleshoot consistent 525 errors:

The most common causes of consistent 525 errors are as follows:

  • The origin server does not have a certificate installed.
  • The origin server is not listening on port 443 (or other custom secure port).
  • The origin server does not support or is not configured properly for SNI.
  • The cipher suites that Cloudflare accepts and the cipher suites that the origin server supports do not match.

However, there are other intermittent conditions that can cause 525 errors as well.
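
The consistent causes listed above can be checked by connecting straight to the origin, bypassing Cloudflare. The following Python probe is an added example, not Cloudflare's own tooling; the function names are hypothetical, and it offers the cipher suites of the local Python/OpenSSL build rather than Cloudflare's, so a successful handshake here does not rule out a cipher mismatch.

```python
import socket
import ssl
import sys


def probe_origin(ip, port=443, sni=None, timeout=5.0):
    """One connection attempt straight to the origin. Returns (stage, detail)."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))
    # Validation is off on purpose: the probe only asks whether a handshake
    # completes and a certificate is presented, not whether it is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return ("handshake_ok",
                    f"{tls.version()} {tls.cipher()[0]} cert={len(der)} bytes")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("handshake_failed", str(exc))


def classify(with_sni, without_sni):
    """Map two probe results onto the causes listed above (a heuristic)."""
    if with_sni[0] == "tcp_failed":
        return "not listening on the secure port: " + with_sni[1]
    if with_sni[0] == "handshake_ok":
        return "handshake ok from this client: " + with_sni[1]
    if without_sni[0] == "handshake_ok":
        return "fails only when SNI is sent: check the virtual host for this name"
    return "handshake fails: check certificate install and ciphers: " + with_sni[1]


def check_origin(ip, hostname, port=443, timeout=5.0):
    """Probe with SNI; on handshake failure, retry without SNI to compare."""
    with_sni = probe_origin(ip, port, sni=hostname, timeout=timeout)
    without_sni = with_sni
    if with_sni[0] == "handshake_failed":
        without_sni = probe_origin(ip, port, sni=None, timeout=timeout)
    return classify(with_sni, without_sni)


if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: python check_origin.py <origin-ip> <hostname> [port]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    print(check_origin(sys.argv[1], sys.argv[2], port))
```

Run it against the origin's IP address with the site's hostname as the SNI value; the detail string after the colon is the local TLS library's own error text.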

How to troubleshoot intermittent 525 errors:

If you're only seeing errors intermittently, you'll want to review server error logs to determine the cause. Apache must be configured to log mod_ssl errors. nginx includes these errors in its standard error log, but it may be necessary to increase the log level.
