Troubleshooting Cloudflare

When something goes wrong with a site behind Cloudflare, the error could originate from Cloudflare, your hosting server, or the interaction between the two. This guide covers the most common Cloudflare-related errors and how to fix them.

Cloudflare Error Codes

Cloudflare displays custom error pages with specific error codes in the 5xx range. These are different from standard server errors and indicate where the problem lies.

Error 520: Web Server Returning Unknown Error

The origin server (your hosting account) returned an empty, unknown, or unexpected response to Cloudflare.

Common causes:

• A PHP error or crash on your site that produces an invalid HTTP response.
• The response from your server is too large (headers exceeding limits).
• A plugin or script crashing before it can send proper headers.

How to fix:

1. Log into cPanel and check the Error Log (under Metrics) for recent PHP errors.
2. If you recently installed or updated a WordPress plugin or theme, try deactivating it via cPanel File Manager by renaming the plugin folder in wp-content/plugins/.
3. Check your .htaccess file for syntax errors.
4. If the issue persists, temporarily pause Cloudflare to confirm whether the error is on the server side.

Error 521: Web Server Is Down

Cloudflare cannot connect to your origin server at all. The server is either down or actively refusing connections from Cloudflare.

Common causes:

• Your hosting server is down or restarting.
• The server firewall is blocking Cloudflare's IP addresses.
• Your hosting account has been suspended.

How to fix:

1. Try accessing your site directly by its server IP address (bypassing Cloudflare) to confirm the server is responding.
2. Log into cPanel. If you can access cPanel, the server is running and the issue may be a firewall block on Cloudflare IPs. Contact Ultra Web Hosting support to verify.
3. If you cannot access cPanel either, the server may be down. Check the Ultra Web Hosting status page or contact support.

Error 522: Connection Timed Out

Cloudflare was able to reach your server but the connection timed out before the server responded.

Common causes:

• Your server is overloaded and cannot respond in time (high CPU or memory usage).
• The server firewall is dropping (silently blocking) Cloudflare's connection attempts.
• A long-running PHP process is holding up the response.

How to fix:

1. Check your resource usage in cPanel under Metrics → Resource Usage (CloudLinux LVE Stats). If you are hitting CPU or memory limits, optimize your site or consider upgrading your plan.
2. Check for long-running scripts or database queries. A slow database can cause the server to time out.
3. If the error is intermittent, it may be caused by traffic spikes. Enable Cloudflare caching and LiteSpeed Cache to reduce server load.

Error 523: Origin Is Unreachable

Cloudflare cannot resolve the origin server's IP address or cannot route to it.

Common causes:

• The A record in Cloudflare DNS is pointing to the wrong IP address.
• The A record was accidentally deleted.
• A network issue between Cloudflare and your server's data center.

How to fix:

1. In your Cloudflare dashboard, go to DNS and verify that the A record for your domain points to your Ultra Web Hosting server's correct IP address.
2. You can find your server's IP address in cPanel under Server Information on the right sidebar, or in your Ultra Web Hosting welcome email.
3. If the A record is correct, the issue may be a temporary network routing problem. Wait a few minutes and try again.

Error 524: A Timeout Occurred

Cloudflare connected to your server successfully, but the server did not send a complete HTTP response within the time limit (100 seconds on the free plan).

Common causes:

• A PHP script is taking too long to execute (e.g., a large import, export, or database operation).
• A WordPress plugin is running a heavy background task.
• A slow external API call that your site depends on.

How to fix:

1. Identify the slow script. Check your cPanel error logs and the specific URL that triggers the timeout.
2. If it is a WordPress import or heavy operation, try running it via WP-CLI over SSH instead of the web interface.
3. Increase PHP's max_execution_time in cPanel under Software → MultiPHP INI Editor. Note that Cloudflare's 100-second proxy timeout on the free plan still applies regardless of your PHP settings.
4. For operations that genuinely need more than 100 seconds, temporarily grey-cloud (DNS-only) the A record so the request goes directly to the server, bypassing Cloudflare's timeout.

Error 525/526: SSL Handshake Failed

Cloudflare could not establish an SSL connection with your origin server. Error 525 means the handshake failed, and Error 526 means the SSL certificate on the origin is invalid or untrusted.

Common causes:

• Cloudflare SSL mode is set to Full (Strict) but your hosting account does not have a valid SSL certificate (AutoSSL may not have run yet).
• The SSL certificate on the server has expired.
• There is an SSL/TLS version mismatch between Cloudflare and the server.

How to fix:

1. In your Cloudflare dashboard, go to SSL/TLS and check the current mode.
2. Set the SSL mode to Full (Strict) — this is the recommended setting when your server has a valid SSL certificate (which it should with AutoSSL).
3. In cPanel, go to Security → SSL/TLS Status and verify your certificate is valid. Click Run AutoSSL if needed.
4. If AutoSSL has not yet issued a certificate (e.g., on a brand new domain), temporarily set Cloudflare's SSL mode to Full (not Strict) until the certificate is issued, then switch to Full (Strict).

Redirect Loops (ERR_TOO_MANY_REDIRECTS)

If your site shows a "too many redirects" error or a redirect loop after enabling Cloudflare, the cause is almost always an SSL mode mismatch.

What happens: When Cloudflare's SSL mode is set to Flexible, Cloudflare connects to your server over plain HTTP. But if your server has an .htaccess rule or WordPress setting that forces HTTPS, the server sends a redirect back to HTTPS. Cloudflare receives the redirect, converts it to HTTP (because of Flexible mode), sends it to the server again, and the cycle repeats infinitely.

How to fix:

1. In your Cloudflare dashboard, go to SSL/TLS.
2. Change the SSL mode from Flexible to Full (Strict).
3. Clear your browser cache and cookies, then reload the page.

With Full (Strict) mode, Cloudflare connects to your server over HTTPS, your server sees an HTTPS connection, and there is no redirect loop.

Mixed Content Warnings

Mixed content occurs when your HTTPS page loads some resources (images, scripts, stylesheets) over plain HTTP. Browsers block or warn about these insecure resources, which can cause broken images, missing styles, or JavaScript errors.

How to fix:

• Update hardcoded http:// URLs in your content and theme files to https:// or use protocol-relative URLs (//).
• For WordPress sites, use a plugin like Really Simple SSL or the search-and-replace feature in the LiteSpeed Cache plugin to update URLs in the database.
• In Cloudflare, enable Automatic HTTPS Rewrites under SSL/TLS → Edge Certificates. This rewrites HTTP URLs to HTTPS on-the-fly where possible, without changing your source files.

Website Showing Old Content

If you have updated your website but visitors still see the old version, the issue is usually cached content.

How to fix:

1. Purge Cloudflare cache: In Cloudflare, go to Caching → Configuration → Purge Everything.
2. Purge LiteSpeed Cache: In WordPress, go to LiteSpeed Cache → Toolbox → Purge All.
3. Clear browser cache: Press Ctrl+Shift+R (or Cmd+Shift+R on Mac) to hard-reload the page, bypassing your browser cache.

If the problem persists after purging all caches, check whether your CDN or a browser extension is serving a cached copy.

Email Not Working After Adding Cloudflare

If email stops working after setting up Cloudflare, the most common cause is that your MX records or mail-related DNS records are being proxied through Cloudflare (orange cloud) instead of being set to DNS-only (grey cloud).

How to fix:

1. In your Cloudflare dashboard, go to DNS.
2. Find your MX records. MX records should point to a hostname, not an IP. They are always DNS-only and cannot be proxied.
3. Find the A record for mail.yourdomain.com (or whatever hostname your MX records point to). Click the orange cloud icon to switch it to a grey cloud (DNS-only).
4. Wait a few minutes for DNS to propagate, then test email again.

Cannot Connect via FTP

If you cannot connect to your site via FTP after enabling Cloudflare, the issue is similar to the email problem. FTP traffic cannot pass through Cloudflare's proxy.

How to fix:

1. In Cloudflare DNS, find the A record for ftp.yourdomain.com.
2. Click the orange cloud icon to switch it to a grey cloud (DNS-only).
3. In your FTP client (e.g., FileZilla), connect using ftp.yourdomain.com as the hostname instead of yourdomain.com.

Alternatively, you can connect using your server's IP address directly as the FTP hostname, which bypasses Cloudflare entirely.

Bypassing Cloudflare for Debugging

When troubleshooting, it helps to determine whether an issue is caused by Cloudflare or by your server. You can temporarily bypass Cloudflare in two ways:

Option 1: Pause Cloudflare

1. In your Cloudflare dashboard, scroll down on the Overview page.
2. In the bottom-right area, click Pause Cloudflare on Site.
3. This disables Cloudflare's proxy for all DNS records while keeping your DNS hosted at Cloudflare. Traffic goes directly to your server.
4. Test your site. If the problem goes away, it is Cloudflare-related. If the problem persists, it is server-side.
5. Remember to un-pause Cloudflare when you are done testing.

Option 2: Grey-Cloud a Single Record

If you only want to bypass Cloudflare for a specific subdomain or record:

1. In Cloudflare DNS, find the A or CNAME record you want to test.
2. Click the orange cloud icon to switch it to grey (DNS-only).
3. Wait 2-5 minutes for DNS to update, then test.
4. Switch it back to orange cloud when done.