Why am I getting "Error 525 - SSL handshake failed" with CloudFlare when using a `herokudns.com` endpoint?


Apps using CloudFlare, a custom domain with a herokudns.com endpoint and no custom SSL certificate will see an "Error 525 - SSL handshake failed" message.


Since December 2016, all newly provisioned apps use herokudns.com endpoints by default (see https://devcenter.heroku.com/changelog-items/1060).

This issue with CloudFlare occurs when the following conditions are satisfied:

  • app has a custom domain
  • app does not have a custom SSL certificate (therefore defaults to using *.herokuapp.com cert)
  • "SSL Full (Strict)" is enabled on CloudFlare

If you need "SSL Full" communication between your app and CloudFlare, specify the appname.herokuapp.com domain (instead of the herokudns.com equivalent) as the CloudFlare backend, so that the free *.herokuapp.com certificate is used. If this isn't possible for some reason, you will need to add a custom certificate to the app to handle requests for custom domains: https://devcenter.heroku.com/articles/ssl

The error occurs because an HTTPS request for a custom domain defaults to using the *.herokuapp.com certificate, causing a certificate mismatch error.
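To confirm the mismatch before changing the CloudFlare backend, the following added example (not Heroku's or CloudFlare's code) checks whether a certificate's DNS names cover a given hostname, using the rule that a wildcard only replaces the left-most label. The sample certificate and `www.example.com` are constructed for illustration, and `fetch_cert` is a hypothetical helper that retrieves the real certificate from an endpoint you supply.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns;
# it stands in for the default *.herokuapp.com certificate.
SAMPLE_DEFAULT_CERT = {"subjectAltName": (("DNS", "*.herokuapp.com"),)}

def san_dns_names(cert):
    """DNS subjectAltName entries of a getpeercert() dict, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Wildcard match where '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, hostname):
    """True if any DNS name in the certificate is valid for hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names(cert))

def fetch_cert(endpoint, sni, port=443, timeout=5):
    """Handshake with endpoint, sending sni, and return the certificate dict.

    The chain is still verified; only the built-in name check is turned off
    so that a mismatched certificate can be inspected with covers().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((endpoint, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Offline run on the constructed sample. For a live check use:
    #   cert = fetch_cert("<your herokudns.com endpoint>", "www.example.com")
    for host in ("www.example.com", "appname.herokuapp.com"):
        verdict = "covered" if covers(SAMPLE_DEFAULT_CERT, host) else "MISMATCH"
        print(f"{host}: {verdict}")
```

A "MISMATCH" for the custom domain alongside "covered" for appname.herokuapp.com is the condition this article describes.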

© 2018 Salesforce.com