I am getting a Cloudflare error 525 in my Wordpress.
I'm working on a subdomain where the domain has https that work fine through cloudflare but the subdomain does not.
Hosting: Godaddy
The SSL certificate is UCC bought from Godaddy.
Crypto SSL in Cloudflare: FULL
I made all the changes in Wordpress mainly following these steps: force https pages wordpress
And all URLs are changed from http:// to https://.
Can anyone help me, I'm running out of ideas and I do not know what else I should do?
That error indicates that the ssl handshake is failing on the subdomain. The subdomain might be configured differently at a web-server level, or there may be Page Rules that change the behavior
https://support.cloudflare.com/hc/en-us/articles/200278659-Error-525-SSL-handshake-failed
In case someone still get this error, here is how I fixed it.
This was driving me crazy because the site was working fine and then the error started to manifest intermittently: error page shows, then by refreshing a couple of times the site loaded but with some missing images. So it was a mess.
Tried to reach out for godaddy support but it was not very useful. They checked the files, database, open ports and even changed the propagating DNS, but still the error was persisting.
At the end I tried:
Disable my ssl plugin in wordpress (really simple SSL)
Go back to http setting
In cloudflare, set the SSL setting to flexible
I found out that Cloudflare takes over the writing of the https links, so the plugin was creating a redirect loop and that was causing the handshake to fail.
Related
I just migrated the my website from my old domain to new domain. Its migrated but when I am clicking on something like pages or category its redirecting me to the old site with this error:
The site can't provide a secure connection. shopskart.in sent an invalid response. ERR_SSL_PROTOCOL_ERROR
Screenshot of error message
I also did these changes in wp-conf and wp-options but still I am getting same issue. Someone said its because its forcing site to https due to SSL I had but now I don't have SSL and don't want one right now.
You probably copied the old SSL file to your new site, and it's still active. You should disable it. Also check if there's any setting (in backend or database) pointing to https in stead of http, since you won't be using a secure connection anymore (Why not? You should!). Check the htaccess file as well! If the problem still occurs try clearing your browsercache.
From where i can find the ssl file. Or code. Actually the website was created by my developer and now he refused to give the data when i asked him. So i migraded using wp plugins and dont know where he pasted the ssl certificate.
I connected cloudflare to my WordPress and enabled HTTPS flexible.
made 2 page rules
https://www.example.com/wp-login.php*
https://www.example.com/wp-admin/*
leaving SSL as flexible but disabling cache and security level
I did install two plugins
http-https-remover
https-redirection [which I disabled now]
I mistakenly changed my sit and home urls to https://example.com
so I did access with FTP to fix it back , however the www is back still can't access the website
when I disable http-https-remover the website loads the content but its not aligned .
the website it self got the following errors :
www.site.com/:8 A Parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=f2befc48d1/cloudflare.min.js, is invoked via document.write. This MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message.See https://www.chromestatus.com/feature/5718547946799104 for more details.
but they are not effecting the look and feel of the website .
for https://www.example.com/wp-admin/
the console is empty and the page returnes 200
the http version(when I disabel ssl from cloudflare for the 2 page rules) it gives me.
"This page isn’t working
www.assesstm.com redirected you too many time"
console :GET http://www.assesstm.com/wp-admin/ net::ERR_TOO_MANY_REDIRECTS
and the network is redirecting like crazy between http and https
disabling https in all the website gives me the redirect loop in the rest of the site
also worth mentioning that I'm not able to get the debug file after defining DEBUG with true in the wp-config.php file .
tried to force ssl on admin but didn't get a solution .
those are my wordpress plugins currently
a:14:{i:0;s:19:"akismet/akismet.php";i:1;s:44:"css3-text-and-image-overlay/css3_overlay.php";i:2;s:39:"easy-google-fonts/easy-google-fonts.php";i:3;s:50:"google-analytics-for-wordpress/googleanalytics.php";i:4;s:19:"jetpack/jetpack.php";i:5;s:29:"pirate-forms/pirate-forms.php";i:6;s:43:"shortcodes-ultimate/shortcodes-ultimate.php";i:7;s:41:"sp-news-and-widget/sp-news-and-widget.php";i:8;s:27:"tawkto-live-chat/tawkto.php";i:9;s:43:"themeisle-companion/themeisle-companion.php";i:10;s:37:"tinymce-advanced/tinymce-advanced.php";i:11;s:24:"wordpress-seo/wp-seo.php";i:12;s:32:"wp-overlays/wp-overlays-lite.php";i:13;s:25:"cloudflare/cloudflare.php";}
any suggestion
You should turn off SSL at your site and at cloudflare. See if that works.
Then set dns at cloudflare to bypass the cdn (grey cloud). Get ssl going on your site, and see if it loads under https.
If all that works, you can now turn on ssl at cloudflare (FULL, not Flexible) and switch dns back to using cloudflare (orange cloud).
Also,disable SSL and clean the cache, I'm sure that out there is a plugin for WP to help to propagate ssl url's, be sure you have it too, but what fixed my problem was disabling the rocket loader, you can find it in the speed option in cloudfare.
I just implemented CloudFront with Wordpress using W3TC. But none of my images are using the CDN. On checking Pingdom report I found that there is a redirection happening where CloudFront redirects back to my website.
Remove the following redirect chain if possible:
https://cdn.fashioncrab.com/wp-content/uploads/2016/05/secure-footer-widget1.png
https://www.fashioncrab.com/wp-content/uploads/2016/05/secure-footer-widget1.png
Here is the PingDom report https://tools.pingdom.com/#!/vDTT0/https://www.fashioncrab.com/
How to fix this so that my images are called from CloudFront instead of my server.
Note: I have made the CNAME record for cdn.fashioncrab.com in CloudFlare if that helps...
So finally I am able to resolve it myself.
Here is what I did:
Got rid of CloudFlare. Surprisingly, the site is much faster without CloudFlare
Removed "Enable 301 .htaccess redirect" option from Really simple SSL wordpress plugin
got a Free SSL certificate issued for the CloudFront distribution from AWS
Now everything is working as it should.
I've migrated my Wordpress blog to OpenShift recently. It works perfect until when you try to add a custom domain alias to your installation.
The OpenShift URL for my blog is blog-latifetunc.rhcloud.com
I added the following URL as alias: blog.latifetunc.com
(Sorry I couldn't attach images since I don't have enough reputation points. Instead I put links to images. This is my first question in StackOverflow.)
http://www.alpertunc.com/q1.png
I successfully added the CNAME record for my domain to point blog.latifetunc.com to blog-latifetunc.rhcloud.com in GoDaddy
http://www.alpertunc.com/q2.png
The problem pops up when I try to reach my blog with this alias. It says:
Safari can't verify the identity of the website "blog.latifetunc.com".
The certificate for this website is invalid. You might be connecting to a website that is pretending to be "blog.latifetunc.com", which could put your confidential information at risk. Would you like to connect to the website anyway?
(I can't even post more than two links without 10 reputation points :( So please put the above URL in front of below images as well.)
q3.png
If you click "Continue" it works fine but this alert is very scary for many users. I searched for hours for a solution with no luck. I considered buying a security certificate as well but then I thought this blog was working with an alias in its previous installation too. However we never had such an alert in browser while visiting either via the main domain or the alias.
The previous installation was on IIS and the binding were as following:
q4.png
Then when my brain was about to explode I found out that the alert is due to https. When I checked Settings from my Wordpress dashboard I realised that somehow OpenShift installs Wordpress on https and sets the permalinks to https.
q5.png
In fact whatever you type that points to *.rhcloud.com is converted to https. I know that because I added the CNAME for www.latifetunc.net to point to blog-latifetunc.rhcloud.com as well but didn't add the alias in OpenShift Applications. So www.latifetunc.net resolves to blog-latifetunc.rhcloud.com but since there is no alias defined (hence there is no vhost entry in Apache) it gives error. But even that error is in port 443!
q6.png
My main problem is to get rid of the certificate error while visiting my blog via my alias domain name. I really appreciate any help on that one.
My related question is that why on earth permalinks start with https on OpenShift Wordpress installation? If I can solve that, probably I'll solve my main problem as well.
Thanks a lot!
I checked blog.latifetunc.com on safari,chrome,firefox, and opera and I didn't get any warnings so you much have figured out a solution. However for others who may stumble across this I've provided some information:
By default OpenShift applications accept traffic on both http and https. So if you're wanting to have a custom domain but aren't worried about ssl than you can simply just use the http connection to your application (http://myapp.com). If you are wanting to apply a SSL certificate and you're on one of the plans that allow it (bronze or silver). The documentation to apply it, is in the SSL Section of the OpenShift Online User Guide.
On a Drupal 6 site we can't figure out why pages, other than the home page, refuse to be accessed in https. Accessing any page on the site, except the home page, immediately redirects back to itself at http.
Apache is correctly setup with a valid SSL certificate.
I'm certain its not the .htaccess file. There's no rewrite rules regarding https or port 443.
I added $conf['https'] = TRUE; to the settings.php
I installed the Secure Page module and configured it to secure the page we want, but it causes a redirection loop ending in a browser error.
No other modules that I can see relate to http vs. https
I can't find any admin settings regarding the base URL that would force this behavior.
I have a lot of experience with server admin, LAMP software, and a little with Drupal, but this one has me stumped. Any hints or suggestions would help me a lot.
Check to see if base url in settings.php is set to the http address. This can cause this behavior.