Here at Ibmi Media, we have helped Customers to resolve Cloudflare errors in the past as part of our Server Support Services.
In this context, we will discuss the reason why this error occurs and how to resolve it.
What is behind Cloudflare error 527?
Cloudflare errors like this are caused by various factors. These factors tends to disrupt the connect between Cloudflare and the origin server. Have a look at some of them outlined below;
i. When the LAN timeout is exceeded or Server Connection Timeouts.
ii. Hard Network refusals.
iii. Errors in TLS/SSL Certificates.
As such, an error 527 will be generated.
We will look into these factors briefly below.
i. Solution when LAN timeout is exceeded.
As per standards, the default limit of timeout for a server to deliver a HTTP request to the Listener is 30 Seconds. This is determined in the railgun.conf file where the Timeout attribute is located. In a case whereby the origin server does not respond in time with the specified Timeout limit, an error will be populated. You can look into the Logs to see what it is. In this situation locate the Listener logs for more information. In several cases we have observed, we saw in the logs the following message;
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443: i/o timeout
Therefore, it is only ideal to extend such Time limits and also check that the server loads or bandwidth of the web server is not exceeded due to overload.
ii. Solution when there is Hard Network refusals.
By observing the Railgun logs, you might see the following error message suggesting that the connection was refused;
Error getting page: dial tcp 0.0.0.0:80:connection refused
Therefore in this case, opening the firewall for the Listener's Server IP in line with the origin's server will help to solve this issue.
iii. When there are Errors in the TLS/SSL Certificates.
When there are errors in the TLS/SSL Certificates, there would be a failure in connection of the TLS requests when trying to connect to the origin server of the Railgun Listener, thereby resulting in connections errors. You might see error message in the Railgun Logs such as;
connection failed 0.0.0.0:443/example.com: remote error: handshake failure
connection failed 0.0.0.0:443/example.com: dial tcp 0.0.0.0:443:connection refused
connection failed 127.0.0.1:443/www.example.com: x509: certificate is valid for
example.com, not www.example.com
To fix this issues, you can either check that Port 443 is accessible, the origin web server possesses an SSL certificate, the common name of the origin server's Certificate has the respective hostname and that in the Cloudflare's SSL/TLS app, the SSL is set to "FULL" mode.
[Do you need support in fixing Cloudflare related errors? You can reach us Now.]
In summary, you can see that Cloudflare error 526 takes place as a result of an interruption in the connection between Cloudflare and the origin's Railgun server (rg-listener). Our Expert Server Support Team handles such Cloudflare Issues.