SSL Certificates and Cloud’s Auto Pause

Huckabuy Cloud operates with uptime monitoring. To ensure everything runs smoothly, our product runs a health check every five minutes that populates an error notification. If the health check notifies that your site is running into an SSL Certificate error, then the software will automatically pause Huckabuy Cloud. The SSL Certificate error can occur when a domain has auto SSL provisioning configured.

When Huckabuy Cloud is paused all requests will be served from the site’s origin and Cloud features will be inactive. Although pausing will turn off Cloud features, the DNS records from on-boarding remain intact to prevent the need for reinstallation. You can determine this inactive or active state within the Dashboard Cloud View. Also when Cloud is paused, when accessing your domain you will see the error populate through your origin with a web browser notification and no longer the Cloudflare populated 525 error message.  [place screenshot of paused stated] After Cloud has been paused for SSL Certificate errors,  our software will continue monitoring the error and will reactivate Cloud upon resolution confirmation. Cloud reactivation can also be completed by the customer within the dashboard.

How can you tell if it is a SSL Certificate error?

If when navigating to your website you are prompted with a 525 error (screenshot below) you have encountered a SSL handshake error. This means that the SSL handshake between Cloudflare and the origin web server has failed. The error lies with the origin web server and to remedy it you will have to contact your hosting provider to amend the configuration for a healthy state. To read more about the possible causes and resolving this error check out our Knowledge Base article, Troubleshooting 525 SSL Handshake Error.

Alternatively you may encounter a 526 error, which means that Cloudflare is unable to validate the SSL certificate at your origin web server. To remedy this error you will want to contact your server administrator or hosting provider to confirm that the certificate is not revoked/expired, it is not self-signed but signed by a certificate authority, your server accepts connections over SSL port 443, and the domain name/hostname are accurately recorded with in the certificate.