Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs (2024)

When troubleshooting most 5XX errors, the correct course of action is to first contact your hosting provider or site administrator to troubleshoot and gather data.

Required error details for hosting provider

When contacting your hosting provider, give them the following information:

  1. Specific 5XX error code and message.
  2. Time and timezone the 5XX error occurred.
  3. URL that resulted in the HTTP 5XX error (for example: https://www.example.com/images/icons/image1.png).

The error cause is not always found in the origin server error logs. Check logs of all load balancers, caches, proxies, or firewalls between Cloudflare and the origin web server.

Additional details to provide to your hosting provider or site administrator are listed within each error description below. Cloudflare Custom Error Pages change the appearance of default error pages discussed in this article.

Error analytics

Error Analytics per domain are available within Zone Analytics. Error Analytics allows insight into overall errors by HTTP error code and provides the URLs, source IP addresses, and Cloudflare data centers needed to diagnose and resolve the issue. Error Analytics are based on a 1% traffic sample.

To view Error Analytics:

  • Log in to the Cloudflare dashboard.
  • Click the appropriate Cloudflare account for your site, then pick the domain.
  • Next, click the Analytics & Logs app icon.
  • Click Add filter, select Edge status code or Origin status code and choose any 5xx error code that you want to diagnose.

Error 500: internal server error

Error 500 generally indicates an issue with your origin web server.Error establishing databaseconnectionis a common HTTP 500 error message generated by your origin web server.Contact your hosting providerto resolve.

Resolution

Provide details to your hosting providerto assist troubleshooting the issue.

However, if the 500 error contains “cloudflare” or “cloudflare-nginx” in the HTML response body, provideCloudflare supportwith the following information:

  1. Your domain name
  2. The time and timezone of the 500 error occurrence
  3. The output of www.example.com/cdn-cgi/trace from the browser where the 500 error was observed (replace www.example.comwith your actual domain and hostname)

Error 502 bad gateway or error 504 gateway timeout

An HTTP 502 or 504error occurs when Cloudflare is unable to establish contact with your origin web server.

There are two possible causes:

  • (Most common cause)502/504 from your origin web server
  • 502/504 from Cloudflare

502/504 from your origin web server

Cloudflare returns an Cloudflare-branded HTTP 502 or 504 error when your origin web server responds witha standard HTTP 502 bad gateway or 504 gateway timeout error:

Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs (1)

Resolution

Contact your hosting provider to troubleshoot these common causes at your origin web server:

  • Ensure the origin server responds to requests for the hostname and domain within the visitor’s URL that generated the 502 or 504 error.
  • Investigate excessive server loads, crashes, or network failures.
  • Identify applications or services that timed out or were blocked.

502/504 from Cloudflare

A 502 or 504 error originating from Cloudflare appears as follows:

Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs (2)

If the error does not mention cloudflare, contact your hosting provider for assistance on502/504 errors from your origin.

This error can be returned in case of a compression issue at the origin, for example the origin server is serving gzip encoded compressed content but is not updating the content-length header, or the origin is serving broken gzip compressed content.You can try to disable compression at your origin to confirm if this is the root cause of the errors.

Otherwise, under certain conditions it is possible a given Data Center observes a sudden increase of traffic.In these cases our automated processes will move traffic away from such location to a different Data Center making sure there is no impact for our customers.These traffic adjustments are mostly seamless and take only a few seconds.Still, it is possible that during this automated process some clients observe added latency and HTTP 502 errors.You can find more information about our automated traffic management tools in this blogpost ↗.

Resolution

If you still need our Support team to help you investigate further, please provide these required details toCloudflare Support to avoid delays processing your inquiry:

  1. Time and timezone the issue occurred.
  2. URL that resulted in the HTTP 502 or 504 response (for example:https://www.example.com/images/icons/image1.png).
  3. Output from browsing to<YOUR_DOMAIN>/cdn-cgi/trace.

Error 503: service temporarily unavailable

HTTP error 503 occurs when your origin web server is overloaded. There are two possible causes discernible by error message:

  • Error doesn’t contain cloudflare or cloudflare-nginx in the HTML response body.

Resolution: Contact your hosting provider to verify if they rate limit requests to your origin web server.

  • Error contains cloudflare or cloudflare-nginx in the HTML response body.

Resolution: A connectivity issue occurred in a Cloudflare data center. ProvideCloudflare supportwith the following information:

  1. Your domain name
  2. The time and timezone of the 503 error occurrence
  3. The output ofwww.example.com/cdn-cgi/tracefrom the browser where the 503 error was observed (replacewww.example.comwith your actual domain and hostname)

Error 520: web server returns an unknown error

Error 520 occurs when the origin server returns an empty, unknown, or unexpected response to Cloudflare.

Resolution

Contact your hosting provider or site administratorand request a review of your origin web server error logs for crashes and to check for these common causes:

  • Origin web server application crashes
  • Cloudflare IPs ↗not allowed at your origin
  • Headers exceeding 16 KB (typically due to too many cookies)
  • An empty response from the origin web server that lacks an HTTP status code or response body
  • Missing response headers or origin web server not returningproper HTTP error responses.

If HTTP/2 is enabled at your origin web server, please check and make sure HTTP/2 is correctly configured.Cloudflare connects to servers who announce support of HTTP/2 connections via ALPN ↗.If the origin web server accepts the HTTP/2 connection but then doesn’t respect or support the protocol, an HTTP Error 520 will be returned.You can disable the HTTP/2 to Origin setting on the Cloudflare Dashboard under Speed -> Optimization -> Protocol Optimization and check your origin web server configuration further.

If 520 errors continue after contacting your hosting provider or site administrator, provide the following information toCloudflare Support:

  • Full URL(s) of the resource requested when the error occurred
  • Cloudflarecf-rayfrom the 520 error message
  • Output fromhttp://<YOUR_DOMAIN>/cdn-cgi/trace
  • TwoHAR files:
    • one with Cloudflare enabled on your website, and
    • the other withCloudflare temporarily disabled.

Error 521: web server is down

Error 521 occurs when the origin web server refuses connections from Cloudflare. Security solutions at your origin may block legitimate connections from certainCloudflare IP addresses ↗.

The two most common causes of 521 errors are:

  • Offlined origin web server application
  • Blocked Cloudflare requests

Resolution

Contact your site administrator or hosting providerto eliminate these common causes:

  • Ensure your origin web server is responsive
  • Review origin web server error logsto identify web server application crashes or outages.
  • ConfirmCloudflare IP addresses ↗are not blocked or rate limited
  • Allow allCloudflare IP ranges ↗in your origin web server’s firewall or other security software
  • Confirm that — if you have your SSL/TLS mode set to Full or Full (Strict) — you have installed a Cloudflare Origin Certificate
  • Find additional troubleshooting information on theCloudflare Community ↗.

Error 522: connection timed out

Error 522 occurs when Cloudflare times out contacting the origin web server. Two different timeouts cause HTTP error522 depending on when they occur betweenCloudflare and the origin web server:

  1. Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
  2. After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.

Resolution

Contact your hosting providerto check the following common causes at your origin web server:

  • (Most common cause)Cloudflare IP addresses ↗are rate limited or blocked in .htaccess, iptables, or firewalls. Confirm your hosting provider allows Cloudflare IP addresses.
  • An overloaded or offline origin web server drops incoming requests.
  • Keepalivesare disabled at the origin web server.
  • The origin IP address in your CloudflareDNSapp does not match the IP address currently provisioned to your origin web server by your hosting provider.
  • Packets were dropped at your origin web server.

If you are using Cloudflare Pages, verify that you have a custom domain set up and that your CNAME record is pointed to your custom Pages domain.

If none of the above leads to a resolution, request the following information from your hosting provider or site administrator beforecontacting Cloudflare support:

  • AnMTR or traceroutefrom your origin web server to aCloudflare IP address ↗that most commonly connected to your origin web serverbefore the issue occurred. Identify a connecting Cloudflare IP recorded in the origin web server logs.
  • Details from the hosting provider’s investigationsuch as pertinent logs or conversations with the hosting provider.

Error 523: origin is unreachable

Error 523 occurs when Cloudflare cannot contact your origin web server. This typically occurs when a network device between Cloudflare and the origin web server doesn’t have a route to the origin’s IP address.

Resolution Contact your hosting providerto excludethe following common causes at your origin web server:

  • Confirm the correct origin IP address is listed for A or AAAA records within your Cloudflare DNSapp.
  • Troubleshoot Internet routing issues between your origin and Cloudflare, or with the origin itself.

If none of the above leads to a resolution, request the following information from your hosting provider or site administrator:

  • AnMTR or traceroutefrom your origin web server to aCloudflare IP address ↗that most commonly connected to your origin web serverbefore the issue occurred. Identify a connecting Cloudflare IP from the logs of the origin web server.

Error 524: a timeout occurred

Error 524 usually indicates that Cloudflare successfully connected to the origin web server, but the origin did not provide an HTTP response before the default 100 second Proxy Read Timeout. This can happen if the origin server is taking too long because it has too much work to do - e.g. a large data query, or because the server is struggling for resources and cannot return any data in time.

Error 524 can also indicate that Cloudflare successfully connected to the origin web server to write data, but the write did not complete before the 30 second Proxy Write Timeout.

Resolution

Here are the options we’d suggest to work around this issue:

  • Implement status polling of large HTTP processes to avoid hitting this error.
  • Contact your hosting providerto exclude the following common causes at your origin web server:
    • A long-running process on the origin web server.
    • An overloaded origin web server.
  • Enterprise customers can increase the 524 timeout up to 6,000 seconds using the Edit zone setting endpoint (proxy_read_timeout setting). If your content can be cached, you may also choose to use a Cache Rule with the Proxy Read Timeout setting selected instead in the Cloudflare Dashboard.
  • If you regularly run HTTP requests that take over 100 seconds to complete (for example large data exports), move those processes behind a subdomain not proxied (grey clouded) in the CloudflareDNSapp.

Error 525: SSL handshake failed

525 errors indicate that the SSL handshake between Cloudflare and the origin web server failed. Error 525 occurs when these two conditions are true:

  1. TheSSL handshake ↗fails between Cloudflare and the origin web server, and
  2. FullorFull (Strict)SSLis set in theOverviewtab of your CloudflareSSL/TLSapp.

Resolution

Contact your hosting providerto exclude the following common causes at your origin web server:

  • No valid SSL certificate installed
  • Port 443 (or other custom secure port) is not open
  • NoSNIsupport
  • Thecipher suitespresented by Cloudflare to the origin do not match the cipher suites supported by the origin web server

Additional checks

  • Check if you have a certificate installed on your origin server. You can check this article for more details on how to run some tests. In case you don’t have any certificate, you can create and install our free Cloudflare origin CA certificate. Using Origin CA certificates allows you to encrypt traffic between Cloudflare and your origin web server.
  • Review the cipher suites your server is using to ensure they match what is supported by Cloudflare.
  • Check your server’s error logs from the timestamps you see 525s to ensure there are errors that could be causing the connection to be reset during the SSL handshake.

Error 526: invalid SSL certificate

Error 526

Error 526 occurs when these two conditions are true:

  1. Cloudflare cannot validate the SSL certificate at your origin web server, and
  2. Full SSL (Strict)SSLis set in theOverviewtab of your CloudflareSSL/TLSapp.

Resolution

Request your server administrator or hosting provider to review the origin web server’s SSL certificates and verify that:

  • Certificate is not expired
  • Certificate is not revoked
  • Certificate is signed by aCertificate Authority(not self-signed)
  • The requested or target domain name and hostname are in the certificate’sCommon NameorSubject Alternative Name
  • Your origin web server accepts connections over port SSL port 443
  • Temporarily pause Cloudflareand visithttps://www.sslshopper.com/ssl-checker.html#hostname=www.example.com(replace www.example.comwith your hostname and domain) to verify no issues exists with the origin SSL certificate:

Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs (3)

If the origin server uses a self-signed certificate, configure the domain to useFullSSLinstead ofFull SSL (Strict). Refer torecommended SSL settings for your origin.

Error 526 in the Zero Trust context

When using Cloudflare Gateway, an HTTP Error 526 might be returned in the following cases:

  • An untrusted certificate is presented from the origin to Gateway. Gateway will consider a certificate is untrusted if any of these conditions are true:

    • The server certificate issuer is unknown or is not trusted by the service.
    • The server certificate is revoked and fails a CRL check.
    • There is at least one expired certificate in the certificate chain for the server certificate.
    • The common name on the certificate does not match the URL you are trying to reach.
    • The common name on the certificate contains invalid characters (such as underscores). Gateway uses BoringSSL to validate certificates. Chrome’s validation logic allows non-RFC 1305 compliant certificates, which is why the website may load when you turn off WARP.
  • The connection from Gateway to the origin is insecure. Gateway does not trust origins which:

    • Only offer insecure cipher suites (such as RC4, RC4-MD5, or 3DES). You can use the SSL Server Test tool to check which ciphers are supported by the origin.
    • Do not support FIPS-compliant ciphers (if you have enabled FIPS compliance mode). In order to load the page, you can either disable FIPS mode or create a Do Not Inspect policy for this host (which has the effect of disabling FIPS compliance for this origin).
    • Redirect all HTTPS requests to HTTP.

Error 526 in the Workers context

Workers subrequests to any hostname outside of your Cloudflare zone that is not proxied by Cloudflare are always made using the Full (strict) SSL mode, even when the Workers zone is configured otherwise.

As a result, a valid SSL certificate is required at the origin.

Error 530

HTTP error 530 is returned with an accompanying 1XXX error displayed. Search for the specific1XXX errorfor troubleshooting information.

Enabling Load Balancing in China will cause a 530 error.

  • Gathering information to troubleshoot site issues
  • Contacting Cloudflare Support
  • Customizing Cloudflare error pages
  • MTR/Traceroute Diagnosis and Usage
  • Cloudflare Community Tips ↗
Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs (2024)

FAQs

Troubleshooting Cloudflare 5XX errors | Cloudflare Support docs? ›

Resolving 5xx Errors

5xx server errors are often caused by customer scripts you are running on a web server. Here are a few things you should check if your web application returns a 5xx error: Check server permissions—your script may not have permission to perform the necessary operations on a file or folder.

How do you troubleshoot 5xx errors? ›

Resolving 5xx Errors

5xx server errors are often caused by customer scripts you are running on a web server. Here are a few things you should check if your web application returns a 5xx error: Check server permissions—your script may not have permission to perform the necessary operations on a file or folder.

How to fix Cloudflare error 502? ›

Cloudflare-related 502 Bad Gateway errors often occur due to temporary connection problems. So simply waiting 5 minutes and reloading the page can do the trick. If you still see a 502 bad gateway error, then clear your browser cache and reload the page again.

What is Cloudflare 5xx error? ›

Check your origin server is still up and working, is on the same IP address as you have set in your Cloudflare DNS and isn't blocking requests from Cloudflare's IP addresses. 3 Likes. bujangnim March 13, 2024, 10:41pm 3. A 5xx error occurs when there is an issue communicating with your origin server.

How do I get rid of Cloudflare error? ›

Error 520: Troubleshooting and Fixing the Cloudflare Issue
  1. Ensure Cloudflare DNS Records Are Correct.
  2. Check Headers and Cookies.
  3. Disable .htaccess.
  4. Investigate Error Logs.
  5. Use a cURL Command.
  6. Disable Cloudflare.
  7. Contact Cloudflare Support.

How do I get rid of 5xx error? ›

5xx Server Error persists – What should I do?
  1. Step 1 – Disable faulty WordPress plugins. Sometimes, users and crawlers requesting your pages see 5xx response due to outdated plugins in your Content Management System, e.g., WordPress. ...
  2. Step 3 – Fix errors in your . htaccess file. ...
  3. Step 4 – Contact your hosting provider.
Feb 6, 2023

How to solve Cloudflare problem? ›

Conclusion
  1. Ensure Cloudflare DNS records are correct.
  2. Check headers and cookies.
  3. Disable . htaccess.
  4. Investigate error logs.
  5. Use a cURL command.
  6. Disable Cloudflare.
  7. Contact Cloudflare support.

What causes Cloudflare errors? ›

The two most common causes of 521 errors are: Offlined origin web server application. Blocked Cloudflare requests.

What steps would you take to troubleshoot a website that is showing a 5xx error through the browser? ›

As a client, here are the steps you can take to troubleshoot a 5XX server error:
  1. Reload the page.
  2. Clear browser cache.
  3. Delete browser cookies.
  4. Try accessing using Incognito mode.
  5. Check your internet connection.
Sep 27, 2021

What is Cloudflare 530 error? ›

Background Error 1016 / Error 530 indicates Cloudflare is unable to send requests to your server because its origin IP cannot resolve the A or CNAME DNS record requested.

Why do I suddenly have Cloudflare? ›

Most likely this means that your domain admin has designated Cloudflare as the authoritative name server for the domain (or subdomain) in question. You can verify this by looking at the NS record for your domain using a site like Google's online Dig: https://toolbox.googleapps.com/apps/dig/#NS .

How do I clear my Cloudflare cache? ›

Clearing the Cloudflare cache

Log in to Cloudflare with your Cloudflare account. To clear the entire cache at once, click Purge Everything, and then click Purge Everything again to confirm. It can take up to 30 seconds for Cloudflare to finish clearing the cache. To selectively clear the cache, click Custom Purge.

How do I clean up Cloudflare URL? ›

Visit the Cloudflare website (https://www.cloudflare.com/) and log in to your account.
  1. Select Your Website. In the Cloudflare dashboard, you will see a list of the websites registered in your account. ...
  2. Navigate to Cache Settings. ...
  3. Clear the Cloudflare Cache. ...
  4. Wait for the Cache to Clear.

How do I troubleshoot a 500 error? ›

If the error is caused by a local problem from your end, the steps below can save you a lot of time from troubleshooting.
  1. Reload the page. ...
  2. Clear your browser cache and cookies. ...
  3. Visit the website using another network. ...
  4. Check the Error Logs of the Website. ...
  5. Reset File and Folder Permissions. ...
  6. Change the PHP version.

How do you troubleshoot Internet connectivity error? ›

  1. Check Service Isn't Being Blocked. ...
  2. Open Windows Network Diagnostics and Check Your DNS settings. ...
  3. Check the Wi-Fi Adapter. ...
  4. Reset Internet Explorer Settings. ...
  5. Reset Network Settings. ...
  6. Restart File/Windows Explorer. ...
  7. Check Windows Services. ...
  8. Forget Wi-Fi Network.
May 23, 2024

Should 5xx errors be retried? ›

HTTP status codes and the error message can give you a clue. In general, a 5xx status code can be retried, a 4xx status code should be checked first, and a 3xx or 2xx code does not need retried.

Top Articles
Watch Murder Company 2024 (.FullMovie.) Free Online on 123Movie
Kvlytv11 Weather
Wym Urban Dictionary
It May Surround A Charged Particle Crossword
Fantasy football rankings 2024: Sleepers, breakouts, busts from model that called Deebo Samuel's hard NFL year
Panorama Charter Portal
„Filthy Rich“: Die erschütternde Doku über Jeffrey Epstein
Survivor Australia Wiki
Guardians Of The Galaxy Vol 3 Full Movie 123Movies
Carmax Chevrolet Tahoe
Chronological Age Calculator - Calculate from Date of Birth
24 Hour Lock Up Knoxville Tn
Dr Paul Memorial Medical Center
Everything We Know About Wenwen Han and Her Rise To Stardom
Mit 5G Internet zu Hause genießen
Lebron Vs Pacers Stats
Pokemon Infinite Fusion Good Rod
Paulette Goddard | American Actress, Modern Times, Charlie Chaplin
Watch Valimai (2022) Full HD Tamil Movie Online on ZEE5
Skyward Weatherford Isd Login
Nbl Virals Series
Über 60 Prozent Rabatt auf E-Bikes: Aldi reduziert sämtliche Pedelecs stark im Preis - nur noch für kurze Zeit
Craigslist Apartments For Rent Ozone Park
New from Simply So Good - Cherry Apricot Slab Pie
General Kearny Inn Motel & Event Center
Exploring IranProud: A Gateway to Iranian Entertainment
Jail Roster Independence Ks
Numerous people shot in Kentucky near Interstate 75, officials say | CNN
Davias Grille
Cambria County Most Wanted 2022
Heyimbee Forum
Haverhill, MA Obituaries | Driscoll Funeral Home and Cremation Service
Roomba I3 Sealing Problem With Clean Base
8.7 Increase Of 841
Www.lookmovie.og
France 2 Journal Télévisé 20H
Computer Repair Tryon North Carolina
Hinterlands Landmarks
Understanding Turbidity, TDS, and TSS
Studentvue Paramount
Plus Portal Ibn Seena Academy
Flowers Jewel Osco
Ups First And Nees
Duna To Kerbin Transfer Window
Linden Creek Golden Retrievers
ExtraCare Rewards at the Pharmacy – Target | CVS
Katopunk Pegging
Jersey Mike's Subs: 16 Facts About The Sandwich Chain - The Daily Meal
The Hardest Quests in Old School RuneScape (Ranked) – FandomSpot
Al Horford House Brookline
Blood Types: What to Know
Choices’ summer movie preview
Latest Posts
Article information

Author: Tish Haag

Last Updated:

Views: 6478

Rating: 4.7 / 5 (47 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Tish Haag

Birthday: 1999-11-18

Address: 30256 Tara Expressway, Kutchburgh, VT 92892-0078

Phone: +4215847628708

Job: Internal Consulting Engineer

Hobby: Roller skating, Roller skating, Kayaking, Flying, Graffiti, Ghost hunting, scrapbook

Introduction: My name is Tish Haag, I am a excited, delightful, curious, beautiful, agreeable, enchanting, fancy person who loves writing and wants to share my knowledge and understanding with you.