Cloudflare Heroku Error 525 (How To Fix It)

Are you receiving an “Error 525 – SSL handshake failed” message on your website that’s hosted on Heroku and using Cloudflare? If so, don’t worry. This article will guide you through the troubleshooting steps you can take to resolve this issue.
What is Error 525 on Cloudflare?
Error 525 on Cloudflare is an error message that indicates Cloudflare is unable to establish a secure SSL/TLS connection to the origin server, which in this case is Heroku. There are a number of reasons why this may happen, including:
- Invalid or expired SSL certificate on the origin server
- Incompatible SSL configuration on the origin server with Cloudflare
- The origin server is not responding to SSL requests
Troubleshooting Steps
Here are some steps you can take to troubleshoot and fix this issue:
Step 1: Verify SSL Certificate Validity
Check if the SSL certificate on your Heroku server is valid and has not expired. You can use online SSL checker tools such as SSL Labs or DigiCert to verify the status of your SSL certificate.
Step 2: Check SSL Configuration
Make sure that the SSL configuration on your Heroku server is compatible with Cloudflare. You can check the SSL/TLS settings in your Heroku dashboard to ensure that they match Cloudflare’s recommended settings. This step is crucial in ensuring that Cloudflare can establish a secure SSL/TLS connection to your origin server.
Step 3: Verify SSL Request Handling
Check that your Heroku server is properly configured to handle SSL requests. You can check the Heroku logs to see if there are any errors or issues related to SSL requests. If there are any errors or issues, address them accordingly to ensure that your Heroku server can handle SSL requests.
Step 4: Contact Cloudflare and/or Heroku Support
If none of the above steps helps resolve the issue, you may want to contact Cloudflare and/or Heroku support for further assistance.
Error 525 with herokudns.com Endpoints
If you’re using Cloudflare, a custom domain with a herokudns.com endpoint, and no custom SSL certificate, you may see an “Error 525 – SSL handshake failed” message. This issue with Cloudflare occurs when the following conditions are satisfied:
- Your app has a custom domain
- Your app does not have a custom SSL certificate (and therefore defaults to using the *.herokuapp.com cert)
- “SSL Full (Strict)” is enabled on Cloudflare
If you need “SSL Full” communication between your app and Cloudflare, you can download a free certificate called “Cloudflare Origin CA certificate” from Cloudflare and upload it to any other services that you are using, such as Heroku. When using Cloudflare’s “Full (Strict)” mode, this Origin CA certificate will be seen as valid by the Cloudflare service.
Follow the instructions here to download the Origin CA certificate for your domain: https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates. Once you’ve downloaded the certificate, you can upload it to Heroku SSL using the instructions here: https://devcenter.heroku.com/articles/ssl. After uploading the certificate, the 525 error should go away, and everything will work normally.
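The three conditions above come down to a certificate whose names do not cover the custom domain. The following added example (not code from Cloudflare or Heroku) checks a certificate for expiry and name coverage, so you can compare the default certificate with a custom one. The host names and certificate dictionaries are constructed samples, and `fetch_cert` only returns certificates whose chain the system trust store accepts, which is an assumption that holds for publicly trusted certificates only.

```python
import socket
import ssl
from datetime import datetime, timezone

def name_matches(pattern, host):
    """Certificate name match: '*' covers exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])

def check_origin_cert(cert, host, now=None):
    """List the problems a strict check would find; [] means none.
    cert is a dict shaped like ssl.SSLSocket.getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    problems = []
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append("expired")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        problems.append("hostname mismatch")
    return problems

def fetch_cert(endpoint, sni, port=443):
    """Fetch the certificate served at endpoint for SNI name sni.
    The chain is still verified against the system trust store; only the
    name check is deferred to check_origin_cert()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((endpoint, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

# Constructed samples (not real certificates).
DEFAULT_CERT = {"notAfter": "Jan  1 00:00:00 2031 GMT",
                "subjectAltName": (("DNS", "*.herokuapp.com"),)}
CUSTOM_CERT = {"notAfter": "Jan  1 00:00:00 2035 GMT",
               "subjectAltName": (("DNS", "*.example.com"),
                                  ("DNS", "example.com"))}
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, cert in (("default", DEFAULT_CERT), ("custom", CUSTOM_CERT)):
        print(label, check_origin_cert(cert, "www.example.com", NOW) or "ok")
```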
Note: Previously, it was recommended to use the appname.herokuapp.com domain instead of the herokudns.com equivalent to use the free *.herokuapp.com certificate. However, due to some associated security concerns around domain ownership, this method is no longer recommended. If you are currently using this method, we recommend switching to using the Cloudflare Origin CA certificate instead.
Conclusion
The “Error 525 – SSL handshake failed” message on Cloudflare is a common issue that can occur when using Heroku as the origin server. It is usually caused by invalid or expired SSL certificates, incompatible SSL configurations, or issues related to SSL requests.
To resolve this issue, you can follow the troubleshooting steps outlined in this article, such as verifying SSL certificate validity, checking SSL configurations, and verifying SSL request handling.
If you’re facing an issue with herokudns.com endpoints, you can download the free Cloudflare Origin CA certificate and upload it to Heroku SSL to resolve the issue.
By following these steps, you should be able to resolve the “Error 525 – SSL handshake failed” message and ensure that your website is secure and accessible to your visitors. If you have any further questions or concerns, don’t hesitate to contact Cloudflare or Heroku support for assistance.