When an SSL handshake fails, Error 525 occurs in Full or Full (Strict) SSL mode. This is typically caused by a configuration issue in the origin web server.
If you are a site visitor, report the problem to the site owner. Cloudflare Support cannot assist you as we are only able to work with the verified owner of the domain.
If you are the site owner, review the steps outlined below to try to resolve the issue.
The most common causes include:
- The origin web server does not have a valid SSL certificate installed.
- The origin web server is not listening on port 443 (or other custom secure port).
- The origin web server does not support or is not configured properly for SNI.
- The cipher suites that Cloudflare accepts and the cipher suites that the origin server supports do not match.
However, there could be other intermittent conditions that can cause Error 525.
Troubleshoot intermittent 525 errors
If you're only seeing errors intermittently, review the server error logs to determine the cause:
- Apache must be configured to log mod_ssl errors.
- nginx includes these errors in its standard error log, but it may be necessary to increase the log level.