Cloudflare HTTP 525

fnowacki · October 26, 2025, 8:35am

Hey! I’ll admit that I’ve already tried everything and I’m about to give up… I’ve had applications configured on fly.io with a Cloudflare proxy for several months in the following way: Cloudflare proxied (orange cloud) with AAAA records ipv6; strict mode: full No certificate on the fly.io side

Generally, I followed the instructions from the documentation: https://fly.io/docs/networking/understanding-cloudflare/#cdn-proxy-setup-quot-orange-cloud-quot

I have several applications running this way:
app-a → domain.com
app-b → b.domain.com
app-c → c.domain.com
app-d → d.domain.com

Sometimes it happens that I get HTTP 525, but after a few minutes everything returns to normal. Unfortunately, since yesterday afternoon for app-b, I’ve been constantly getting HTTP 525. All applications are configured in exactly the same way as I described above (ipv6, aaaa record, no certificate on the fly.io side).

Where else can I look for the cause?

bglw · October 26, 2025, 11:15pm

Hi!

strict mode: full No certificate on the fly.io side

Interesting, I would not expect this to have been functional. For a Fly.io app behind Cloudflare you should still be adding a certificate (either in the dashboard or via the CLI with fly certs add).

Can you try adding that certificate to your app? If you have AAAA records in Cloudflare, and no A records, then this should generate the certificate automatically within a couple of minutes.

The several month timeframe might also be a good clue. Did you have an app certificate configured at some point in the past? If so, the latest certificate will have been served until its expiry (90 days).

system · November 2, 2025, 11:16pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.