If you manage a WordPress website, you want it to be fast and secure. That’s why many site owners connect their site to Cloudflare, a free content delivery network (CDN) and security service. Once connected, you can optimize your site’s speed with the CDN and secure it with SSL and bot protection, among other things.
However, this setup can lead to an error 521. In this post, we’ll go over what this error message means and how to fix it so you can continue to reap the benefits of a Cloudflare integration — with none of the frustrations.
What does error 521 mean?
Error 521 is an error message that indicates that, while the web browser was able to connect to Cloudflare, Cloudflare was not able to connect to the WordPress site's server. Since the web server is not returning the connection, this error message is displayed instead of the requested WordPress site.
Here’s how the error might appear on a user’s browser:
Best case scenario: your website visitors would be frustrated by this error message and try to visit your site later. Worst case scenario: they exit out and never return to your site.
To avoid both these scenarios, you want to resolve a 521 error on your site as quickly as possible. To do so, it’s important to understand the primary causes of this error.
What causes a 521 error?
A 521 error is displayed when Cloudflare cannot connect to a WordPress site’s server. This connection may have been refused because:
- The server is offline.
- The server is blocking or throttling requests from Cloudflare because it thinks it’s a security threat.
- The server is refusing Cloudflare’s request on port 443.
- The server is not presenting a valid SSL certificate.
We’ll explain these potential causes in more detail below, as well as their respective solutions.
How to Fix a 521 Error
- Check that your origin server is running.
- Check that your hosting provider isn’t throttling or blocking Cloudflare IP addresses and requests.
- Ensure that Cloudflare can connect to port 443.
- Check that you have installed a Cloudflare Origin Certificate.
1. Check that your origin server is running.
To start, you want to double check that your origin server (aka where your WordPress website is hosted) is running. If it is, check the server’s error logs to see what is causing the error. It’s possible there’s been a breakdown or outage that is causing the 521 error.
If you’re unable to complete either of these tasks, contact your hosting provider.
2. Check that your hosting provider isn’t throttling or blocking Cloudflare IP addresses and requests.
If you’re seeing the 521 error, it’s possible that your hosting provider is either throttling or blocking requests from Cloudflare IP addresses. That’s because Cloudflare is a reverse proxy. A reverse proxy acts as a gateway between clients and your origin server so clients only communicate directly with the reverse proxy server, not your origin server.
That means your origin server will see all of the traffic coming from a small range of Cloudflare IP addresses, rather than unique IP addresses from individual visitors. Your web host might interpret these requests as an attack and block them. If that’s the case, then ask them to allowlist Cloudflare’s IP ranges.
3. Ensure that Cloudflare can connect to port 443.
If you recently set your Cloudflare SSL/TLS mode to Full or Full (Strict) and are seeing a 521 error, your origin server may not be configured properly to allow Cloudflare access to a particular network port. By default, Cloudflare proxies traffic destined for a range of HTTP/HTTPS ports. When set to a Full or Full (Strict) SSL/TLS mode, then it proxies traffic destined for the HTTPS port 443. If Cloudflare’s proxy is not enabled for this network port, then it may cause the 521 error.
If you can’t enable SSL and port 443 at your origin web server, then reach out to your hosting provider.
4. Check that you have installed a Cloudflare Origin Certificate.
If you have your SSL/TLS mode set to Full or Full (Strict) and Cloudflare’s proxy is enabled for port 443, then check that you have installed a Cloudflare Origin Certificate (or one issued by a publicly trusted certificate authority). Your origin server may be configured to allow HTTPS connections on port 443 but only if it presents a valid certificate to Cloudflare. If it doesn’t, then that could cause the 521 error (or a 526 error).
In that case, you can install a Cloudflare Origin Certificate on your server.
Resolving the 521 Error
A 521 error means that your origin server (the server that hosts your WordPress site) is refusing to connect with Cloudflare. Since Cloudflare is unable to connect to your server, it presents an error message to your website visitors. This negatively impacts the user experience and can make your site look less professional and credible. Follow the steps above to mitigate these negative effects as quickly as possible.
