525 Error on First Request For Subdomains Through Cloudflare

1. The problem I’m having:

Hello,

I am trying to host sites on subdomains of mine through Cloudflare. Sometimes routes will respond with 525 before returning an expected response after a few retries. I am extremely confused as to why.

On every curl -vL I’ve tried of a subdomain, it occurs only the first time, and then not the second time.

The error does not occur on the main domain (eldon.zone/eldon.dev).

Thank you,
Eldon

2. Error messages and/or full log output:

2024/02/12 15:44:17.966 INFO    using adjacent Caddyfile
2024/02/12 15:44:17.969 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2024/02/12 15:44:17.970 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS        {"server_name": "srv0", "https_port": 443}
2024/02/12 15:44:17.970 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects       {"server_name": "srv0"}
2024/02/12 15:44:17.971 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2024/02/12 15:44:17.972 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/02/12 15:44:17.972 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/02/12 15:44:17.973 INFO    http    enabling automatic TLS certificate management {"domains": ["flowchart.eldon.dev", "eldon.zone", "eldon.dev", "*.eldon.zone", "*.eldon.dev"]}
2024/02/12 15:44:17.975 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2024/02/12 15:44:17.976 INFO    serving initial configuration
2024/02/12 15:44:17.970 INFO    tls.cache.maintenance   started background certificate maintenance     {"cache": "0xc0002b2100"}
2024/02/12 15:44:17.975 WARN    tls     storage cleaning happened too recently; skipping for now       {"storage": "FileStorage:/root/.local/share/caddy", "instance": "d5091c80-a7be-4ce7-9b61-7077546451eb", "try_again": "2024/02/13 15:44:17.975", "try_again_in": 86399.99999959}
2024/02/12 15:44:17.976 INFO    tls     finished cleaning storage units
Successfully started Caddy (pid=483680) - Caddy is running in the background

If there are any other useful logs I could provide, let me know.

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

Linode Ubuntu 22

b. Command:

caddy start

c. Service/unit/compose file:

d. My complete Caddy config:

{
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        acme_dns cloudflare <REDACTED>
}

https://eldon.zone, https://eldon.dev {
        reverse_proxy localhost:3000
}

https://flowchart.eldon.dev {
        root * /root/flowchart-project/dist
        file_server
}

https://*.eldon.zone, https://*.eldon.dev {
        respond "This subdomain isn't being used currently!"
}

5. Links to relevant resources:

https://community.cloudflare.com/t/community-tip-fixing-error-525-ssl-handshake-failed/44256

If you have this set, then you’re using “fake” certificates.

You should remove this, so you get real certificates.

But I can’t say much else than that without seeing the error that Cloudflare is showing you.

Removing this was the solution! I did discover this while going through the config. I must’ve added it at some point and forgot to remove it.

Thank you!
Eldon

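A check for the setting this thread ended up removing, as an added example that is not part of the original posts or of Caddy itself: it scans a Caddyfile for ACME directory URLs that point at the Let's Encrypt staging host, covering both the `acme_ca` global option and the `ca` subdirective of `tls`. The function name, the sample text and the `staging.example.test` site block are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Staging directory host, as it appears in the config posted in this thread.
STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"
# Directives taking an ACME directory URL: `acme_ca` (global option)
# and `ca` (subdirective of `tls`).
CA_DIRECTIVES = {"acme_ca", "ca"}


def find_staging_ca(caddyfile_text):
    """Return (line_no, scope, url) for each CA directive set to staging.

    scope is "global" for the options block, else the site address line.
    """
    findings = []
    depth, scope = 0, None
    for line_no, raw in enumerate(caddyfile_text.splitlines(), start=1):
        # Drop comments (a '#' that starts a token), then split into tokens.
        tokens = re.sub(r"(^|\s)#.*", "", raw).split()
        if not tokens:
            continue
        if depth == 0 and tokens[-1] == "{":
            scope = "global" if tokens == ["{"] else " ".join(tokens[:-1])
        elif depth > 0 and tokens[0] in CA_DIRECTIVES and len(tokens) > 1:
            if urlparse(tokens[1]).hostname == STAGING_HOST:
                findings.append((line_no, scope, tokens[1]))
        depth += tokens.count("{") - tokens.count("}")
    return findings


# Constructed sample: the global block and one site from this thread, plus a
# hypothetical site (staging.example.test) that sets the staging CA per site.
SAMPLE = """\
{
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        acme_dns cloudflare <REDACTED>
}

https://eldon.zone, https://eldon.dev {
        reverse_proxy localhost:3000
}

https://staging.example.test {
        tls {
                ca https://acme-staging-v02.api.letsencrypt.org/directory
        }
}
"""

if __name__ == "__main__":
    for line_no, scope, url in find_staging_ca(SAMPLE):
        print(f"line {line_no}: [{scope}] staging ACME CA in use: {url}")
```

Run against a real Caddyfile by passing its text to `find_staging_ca`; an empty list means no staging directory URL was found in the directives it checks.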