Cloudflare Proxy SSL Failure

I have recently switched to Fly.io for my web/backend hosting and am running into some issues with Cloudflare. I have a SpringBoot API hosted with Fly which successfully proxies through Cloudflare (https://api.soulsoftware.org); however, a separate frontend host for some odd reason fails with Cloudflare's proxy (Code 525) (hosted at https://soulsoftware.org with DNS only enabled).

Is there any way for me to solve this issue?

Thanks

The frontend works just fine for me. What’s most likely happening is that you originally had the domain through the Cloudflare proxy and have since changed it to “DNS Only”, and your system has cached it resolving to Cloudflare. If you’re using Firefox with private DNS turned on, try opening the page in a private window; otherwise try flushing your DNS cache (on Windows this is done by running ipconfig /flushdns).

➜ dig +short soulsoftware.org
66.241.125.17 # This is not Cloudflare

The frontend does work fine; however, I would like it to be proxied through Cloudflare. As of right now it is set to DNS only and does not function when set up to route through Cloudflare Proxy.

In that case my best guess as to what’s happening is you were trying to load your page before the certificate was provisioned. Now that you know it’s definitely there, I’d give it another shot and see if the error comes back.

Just enabled Proxy, error is back.

(The version that occasionally shows up is an old buggy release using Cloudflare Pages)
(Cloudflare cache has been fully flushed)

"SSL handshake failed (Error code 525)

It appears that the SSL configuration used is not compatible with Cloudflare"

Just reenabled DNS Only.

I managed to get this working, and Full (Strict) mode is operating as expected. However, the certificates tab is showing warnings to say that the IPs don’t match and, even though I have a CNAME to verify ownership, there is an exclamation mark icon next to it (it does also say that it matches).

My question is this: when the certificate is due to be renewed in September, will it do so automatically, or will I need to turn off the proxy so that the certificate can be re-provisioned/renewed?

Hey, how did you get it working?

I had it set to DNS only at first, then waited for the cert to be provisioned and verified, then turned it back to Proxy, and it just worked.
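A pre-flight check for the sequence described in the post above, as an added example that is not part of the thread or of any Cloudflare or Fly.io tooling: it handshakes directly with the origin IP, sending the site's hostname as SNI, and reports whether the origin already serves a valid certificate before the proxy is switched on. The function names, the verdict strings and the 14-day threshold are assumptions.

```python
import socket
import ssl
import time

def handshake(origin_ip, hostname, port=443, timeout=5.0):
    """TLS handshake straight to the origin, sending `hostname` as SNI.
    Returns the verified peer certificate (dict from getpeercert())."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter date."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - (time.time() if now is None else now)) // 86400)

def classify(exc):
    """Turn a failed connection attempt into a short verdict."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Origin answered, but its cert is untrusted, expired or for another name.
        return "cert-invalid"
    if isinstance(exc, ssl.SSLError):
        # No usable certificate or cipher for this SNI yet: the 525 case.
        return "handshake-failed"
    if isinstance(exc, OSError):
        return "unreachable"
    raise exc

def check_origin(origin_ip, hostname, min_days=14, connect=handshake):
    """Verdict for enabling the proxy; `connect` is injectable for testing."""
    try:
        cert = connect(origin_ip, hostname)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify(exc)
    return "ok" if days_left(cert) >= min_days else "expiring-soon"

if __name__ == "__main__":
    import sys
    # usage: python check_origin.py <origin-ip> <hostname>
    print(check_origin(sys.argv[1], sys.argv[2]))
```

Run it against the address the DNS-only record resolves to (the `dig +short` output earlier in the thread) and enable the proxy only once it prints `ok`.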

Interesting, after waiting around a week something has finally propagated. Cloudflare Proxy works perfectly now.

Thank you all for the help
