
Error 525 - SSL handshake failed


#1

My website is showing a Cloudflare 525 error.
I haven’t changed anything on Cloudflare and Webflow for a few weeks, and it was working fine up until a few days ago.
How can I fix this?
Here’s the screen shown for both https://breeze.im and https://www.breeze.im.

Thanks!


#2

We are only able to provision SSL certificates for your domain if it is directly pointed to our servers. What probably happened is the domain was originally pointed to us and we were able to generate the SSL certificate. Then, the domain was moved to point to cloudflare. Then, some time later, when the SSL certificate we generated expired, we were no longer able to re-generate it since the domain is not pointed to us anymore.

There are a couple options to fix this. If you point your domain directly to us, we should be able to generate an ssl cert and we can directly serve your site. Alternatively if you wish to continue using cloudflare, you can set the config for them to point to proxy.webflow.com instead of proxy-ssl.webflow.com and make sure you select the “Flexible” option in the cloudflare config.


#3

Hey folks, sorry about this. This was an unintended side effect of a DDOS mitigation effort. This is now and should be working for you again (let me know if not). I’m sorry for not updating you sooner, I just came across this thread.

I’m also sorry for how we handled the communication and addressing of the issue as you described, you deserve better than that as a loyal customer. This was a tricky one for us to track down, but that’s no excuse for how we handled it. Sorry about that!

Thanks,
vidmate kissanime


#4

Still the same error.
Maybe ssl certificate still needs to be replaced


#5

So either I stop using SSL or stop using cloudflare?
How do I keep using cloudflare and keep ssl?


#6

@Tomer_Raz - likely if you turn off Cloudflare’s “orange cloud” (everything but DNS) and then go back to the Webflow hosting page and click “Check Status” on the domain, Let’s Encrypt will probably do its thing and your site should be back up hopefully within a few minutes.

For some deeper insight, the way that it works is that Let’s Encrypt has an automated system that runs on Webflow’s servers and makes a specific URL available that allows their external system to validate their certs. With Cloudflare running, Let’s Encrypt certs are hidden and can’t update because Cloudflare replaces the certs. Let’s Encrypt certs are valid for 3 months and automatically renew through this same process - so to use both, you need to turn off the orange cloud and validate that the expiration updated at least once every three months. For a longer term fix Webflow needs to use Let’s Encrypt HTTP validation, or they need to allow custom certs.
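The expiry check described in the post above can be automated. The following is an added example, not part of the original thread and not Webflow's or Cloudflare's code: it connects directly to the origin host (bypassing the CDN edge) while sending the site's name as SNI, then reports how close the origin certificate is to expiring. The function names and the 30-day warning threshold are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
import time

RENEW_WARN_DAYS = 30  # assumed alert threshold for a roughly 90-day certificate


def days_left(not_after, now=None):
    """Whole days until notAfter, given in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after, now=None, warn_days=RENEW_WARN_DAYS):
    """Return 'expired', 'renew-soon' or 'ok' for a certificate expiry date."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    return "renew-soon" if remaining < warn_days else "ok"


def check_origin(site, origin_host, port=443, timeout=10):
    """Connect straight to the origin (not the CDN edge), sending `site` as SNI."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=site) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # An expired or mismatched origin certificate fails verification here.
        return "invalid: " + exc.verify_message
    except OSError as exc:
        return "unreachable: " + str(exc)


if __name__ == "__main__":
    # Usage: python check_origin.py <site> <origin-host>
    print(check_origin(sys.argv[1], sys.argv[2]))
```

Run it on a schedule with your own domain as the first argument and the origin hostname from your DNS configuration as the second; a result other than `ok` means the origin certificate needs renewing before the proxied site starts failing.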


#7

Thanks, it works :slight_smile:
Turn off cloudflare orange cloud -> webflow hosting check status -> turn on cloudflare orange cloud


#8

Keep in mind, in 90 days when the certificate we provision expires, your site will break again. If you want to use Cloudflare with the orange cloud on (meaning the traffic is routed through Cloudflare, not just DNS) then you should make sure to point your site to proxy.webflow.com to avoid the certificate issues.


#9

Understood.
But if I change to proxy.webflow.com, the site doesn’t work using https anymore, correct?


#10

If you are routing your traffic through cloudflare, they are serving their own SSL certificate. You can see that currently it is a cloudflare issued SSL cert on the domain: