Causes

Usually caused by a configuration issue on the origin web server, when these two conditions are true :

  • The SSL handshake fails between Cloudflare and the origin web server
  • Full or Full (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.

Fixes

Step 1: Contact NET Support

Contact NET to exclude the following common causes at your origin web server:

  • No valid SSL certificate installed
  • Port 443 (or other custom secure port) is not open
  • No SNI support
  • The cipher suites accepted by Cloudflare does not match the cipher suites supported by the origin web server
Step 2: Review Origin Web Server Error Logs

If occur intermittently, review the origin web server error logs to determine the cause. Configure Apache to log mod_ssl errors. Also, nginx includes SSL errors in its standard error log, but may possibly require an increased log level.