I have a Cloudflare proxy (an “orange cloud” DNS record) enabled for my fly app’s DNS. So instead of a simple DNS A record to 126.96.36.199, the Cloudflare proxy sits in front of that.
That generally works well.
However I randomly get 525 errors. Apparently it’s caused by an error with the SSL handshake between Cloudflare’s server and fly’s. As far as I can see there is nothing I can do since both are out of my control.
When you Google Cloudflare 525 loads of other people get it and there is no definitive solution.
Today, for two apps, I got a 525 error. Then they started working again, no 525. Interestingly the 525 happened on a round number, at 10pm UTC, so I wondered whether it could be to do with a certificate being replaced by fly? Is there a way to see when exactly a certificate was replaced? I looked using certs in the CLI (show/list), but it just shows when it was issued.
Or that may be a coincidence.
Else could someone look at numbers 5 and 6 on this list of possible issues suggested by Cloudflare, and offer any thoughts on them? Those seem like things you’ll know. Like about the cipher:
I’m assuming if it happens for me it’s happening for other people too. It makes it look like something is broken, when it isn’t (app wise). I know to reload the page, retry an API call etc, but it looks bad for other people as it looks like downtime, error etc.