How to Solve SSL Handshake Failure of Blogger Site on Cloudflare


Solution to Blogger Sites Using Cloudflare with 525 Error

After using Cloudflare CDN for your custom Blogger domain (for example, www.example.com) for some years, there may be a conflict between an expired Blogger SSL certificate and the active Cloudflare SSL certificate, resulting in your visitors receiving a “525 SSL Handshake Failed” error.

Once it starts, it first affects your root domain. At this stage, your domain's global coverage will begin to drop. People from other regions will not be able to visit your site directly, only through search engines or page URLs. It will continue to drop until none of your blog’s URLs are reachable any longer. The response will be "Website is returning an unknown error".


When such failure occurs, there are two methods you can apply to rectify the problem.

  1. Remove your site from Cloudflare
  2. Disable HTTPS Redirect on Blogger

METHOD 1

Delete Your Site from Cloudflare

If your blog develops such a problem, the first thing to do to remedy the situation is to remove your site from Cloudflare.

How to Remove Your Blogger Site from Cloudflare

As a Blogger user, you can change Nameservers and make use of Blogger’s new custom domain SSL certificate.

If you have a little knowledge of how to integrate a site with Cloudflare, or you moved your site to Cloudflare yourself, this process should not be difficult for you. But any mistake can mean hours, or one full day, of “this site can’t be reached.”

You probably know the effects of that on a website that gets visits every day: it annoys your users, gives a bad impression to visitors, leaves the site inaccessible to search engine crawlers, and costs you revenue if you have ads or affiliate products that generate income for you.

Pausing, deleting or disabling your website on Cloudflare is the last step in the process.

The first step should be returning your domain's nameservers to the original registrar. This allows your website to stay live and accessible throughout the switching or deletion process.

How to Move Your Website Back to Original Registrar

Remove the Cloudflare nameservers from the DNS settings at your original registrar, which may be Namecheap, GoDaddy or some other web hosting company. Replace Cloudflare’s nameservers with the default nameservers in the registrar’s DNS panel. If you don’t have access to the DNS panel in the client area of your domain registrar’s platform, you can contact them for support.

Once you are done, check your site at intodns.com – enter your URL without www.

Note that the propagation may take 24 to 72 hours, or less, to complete.

If your site now points to your host, you can now grey-cloud DNS on Cloudflare. (If you are on blogger.com, it should point to ghs.google.com.)

Now go to your Blogger Settings and enable HTTPS for your website.

Once you are done, go to Cloudflare DNS tab and grey-cloud every single DNS setting.

Contact your registrar to see if they have control over your DNS. This helps you confirm if the nameserver changes have gone global. 

If you disable or take your site off Cloudflare before the nameserver changes go global, your website will immediately go offline.

Even when your domain name registrar confirms control over DNS, it’s advisable to still wait for at least 24 hours before completely deleting your website from Cloudflare.
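The conditions described above (nameservers back at the registrar, www pointing to ghs.google.com, and the change visible globally) can be checked from a terminal before you delete the site. This is an added example, not part of the original post; it assumes `dig` is installed, and the function names and the three public resolvers are choices made for this example.

```sh
#!/bin/sh
# Added example: pre-deletion DNS check. Each function takes the text that
# `dig +short` prints, so the logic can be exercised without network access.

# True if any nameserver in $1 is a Cloudflare one (*.ns.cloudflare.com).
ns_on_cloudflare() {
  printf '%s\n' "$1" | grep -qiE '\.ns\.cloudflare\.com\.?$'
}

# True if the www CNAME target in $1 is Blogger's ghs.google.com.
cname_is_blogger() {
  printf '%s\n' "$1" | grep -qiE '^ghs\.google\.com\.?$'
}

# safe_to_delete NS_OUTPUT CNAME_OUTPUT: prints a verdict, returns 0 only
# when non-Cloudflare nameservers answer and www targets Blogger directly.
safe_to_delete() {
  if [ -z "$1" ]; then
    echo "WAIT: resolver returned no NS records"; return 1
  fi
  if ns_on_cloudflare "$1"; then
    echo "WAIT: nameservers still delegate to Cloudflare"; return 1
  fi
  if ! cname_is_blogger "$2"; then
    echo "WAIT: www does not resolve to a ghs.google.com CNAME"; return 1
  fi
  echo "OK: registrar DNS is live and www points to Blogger"
}

# check_domain DOMAIN: ask several public resolvers, since one resolver
# seeing the change does not mean it has gone global.
check_domain() {
  rc=0
  for resolver in 1.1.1.1 8.8.8.8 9.9.9.9; do
    ns=$(dig +short NS "$1" "@$resolver")
    cname=$(dig +short CNAME "www.$1" "@$resolver")
    printf '%s: ' "$resolver"
    safe_to_delete "$ns" "$cname" || rc=1
  done
  return "$rc"
}

# Usage: sh check.sh example.com   (bare domain, without www)
if [ "$#" -gt 0 ]; then check_domain "$1"; fi
```

Delete the site from Cloudflare only when every resolver line reports OK; a single WAIT means some visitors are still being routed through Cloudflare.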

To delete your website from Cloudflare, take the following steps:

  • Log in to Cloudflare
  • Select the website you want to delete
  • Make sure you are on the Overview tab
  • Click on Advanced link
  • Click on delete
  • Confirm delete

Your site should now be live and reachable again.

METHOD 2

Turn Off HTTPS Redirect in Blogger Settings, and Change HTTPS Protocol on Cloudflare from Very Strict to Strict or Flexible

Another way to resolve the SSL handshake failure of a Blogger site on Cloudflare is to turn off HTTPS Redirect on Blogger and change the HTTPS Protocol on Cloudflare from Very Strict to Strict or Flexible.

How to Turn Off HTTPS Redirect on Blogger

  • Log in to your Blogger account
  • Select the affected domain (if you have more than one site on the Blogger account)
  • Go to Settings
  • Locate HTTPS
  • Under HTTPS, locate HTTPS Redirect and turn off the radio button.

After some hours, the HTTPS availability status will change from Unknown or Unavailable to Available. See the image below 👇

I advise you to use this second method, because in most cases when you use the first method (taking your site off Cloudflare and back to your domain registrar) your site will still be unreachable. If you have tried to solve the problem using the first method and the SSL handshake failure still persists or your site is still not reachable, don’t panic. All you have to do is follow this second method.

What you should do is replace your nameservers with the ones provided by Cloudflare. Set the HTTPS Protocol on your Cloudflare account to Strict or Flexible. Then go to your Blogger Settings and disable HTTPS Redirect by turning off the radio button.
