What causes Cloudflare Error 525?

Cloudflare failed to negotiate a successful SSL/TLS handshake with the origin server. Origin has no SSL certificate configured, but Cloudflare encryption mode is "Full" or "Strict" Origin only supports deprecated TLS versions SNI configuration mismatch

Cloudflare Error 525

Critical

SSL handshake failed

Cloudflare failed to negotiate a successful SSL/TLS handshake with the origin server.

Impact: Website completely inaccessible

Responsibility

Configuration

This error is usually caused by incorrect DNS, SSL, or firewall configurations.

Common Causes

Origin has no SSL certificate configured, but Cloudflare encryption mode is "Full" or "Strict"
Origin only supports deprecated TLS versions
SNI configuration mismatch

Troubleshooting Guide

Check Cloudflare SSL/TLS Mode

If the origin only supports HTTP (port 80), change Cloudflare SSL mode to "Flexible". If the origin has a self-signed certificate, use "Full". If it has a trusted CA certificate, use "Full (strict)".

Diagnostics

Diagnose Your SiteWebsite Check Check Cloudflare TraceCloudflare Trace

Related Errors

Error 526 Error 520