Encountering Error 521 after a website migration is complete is a common problem for many webmasters. This error indicates that Cloudflare cannot connect.to the server, resulting in the website can not be accessed. In this article, from a few typical causes, detailed explanation of the root cause of the problem and practical solutions to help you restore normal access to the site.

What is Error 521?

Error 521 Indicates that Cloudflare is trying to connect to your server and the server refuses to connect or is not responding. It is not a server downtime, but mostly a configuration or network level issue.Cloudflare proxy service is not able to access the website properly, resulting in users not being able to open web pages.

Typical Cause #1: Server Firewalls Block Cloudflare IPs

Cloudflare has a fixed IP address segment, if the serverfirewallsWithout releasing these IPs, Cloudflare's request is denied.

The solution is to get the latest official IP list of Cloudflare

Add to server firewall whitelist

Ensure that firewall rules or security software (e.g., Fail2Ban, CSF) allow access to these IPs HTTP/HTTPS port.

Typical Cause 2: Server port not turned on or misconfigured

Cloudflare access to the server is typically through ports 80 and 443. If these ports are closed or misconfigured, the connection cannot be established.

It is recommended to check if these two ports are open on the server

Web servers (e.g. Apache(Nginx) is listening on the corresponding port. You can use the command netstat-tuln Check the port status to confirm that the service is running properly.

Typical Cause 3: Wrong DNS Settings

Incorrect domain name resolution can also cause a 521 error.Cloudflare's proxy requests need to be properly DNS resolved to the source server IP.

Verify that the A record or CNAME in the DNS record correctly points to the server, and confirm that Cloudflare's proxy feature is enabled (is the cloud icon orange). Use the nslookup or an online tool to check if the domain name is resolved correctly.

Typical Cause 4: Web Server Not Starting or Crashing

server-based web (loanword) The service is not running and naturally Cloudflare cannot connect.

Log in to the server and use the systemctl status apache2 maybe systemctl status nginx Check the status of the service. If the service is not running, you can execute the start command systemctl start nginx etc. Check the log files to locate any crashes or errors.

Typical Cause 5: SSL Certificate Configuration Problems

SSL Incorrect or expired certificates may cause the server to respond abnormally, affecting Cloudflare connections.

Check that the certificate is valid and that the server is configured correctly. You can use tools such as SSL Labs to check the status of the certificate to ensure that it is correct.

Detailed Procedure: Troubleshooting and Resolving Error 521

1. Verify that the server is online

• Connect to the server using SSH (e.g. with PuTTY or a terminal)
• Execute the command: ping your-server-ip If you can receive a reply, the server is online.
• You can also access the server's control panel to check the status of the host.

2. Checking and releasing Cloudflare IPs

• Log in to the server administration or use SSH to connect
• Get a list of official Cloudflare IPs:Cloudflare IPs
• Perform the corresponding action depending on the firewall type of your server:
  • iptables Example command: iptables -I INPUT -p tcp -m multiport --dports 80,443 -s -j ACCEPT classifier for objects with a handle Replace with the actual IP and repeat to add all IPs.
  • UFW (Ubuntu) Example: ufw allow from to any port 80 ufw allow from to any port 443
• Restart the firewall for the rule to take effect.

3. Verify that the port is open and listening

• Connecting to the server via SSH
• Run the command to view the port status: netstat -tuln | grep -E "(:80|:443)"
• If the port is not listening, check the web service configuration and start the service.

4. Checking the status of Web services

• Take Nginx as an example: systemctl status nginx
• Apache Example: systemctl status apache2
• If the service is not running, execute the start command: systemctl start nginx maybe systemctl start apache2
• Check the error log location, such as /var/log/nginx/error.log maybe /var/log/apache2/error.logThe

5. Verify DNS configuration

• Use commands or online tools to query DNS: nslookup yourdomain.com
• Verify that the resolved IP address is the correct IP for the server.
• Log in to the Cloudflare panel and check the DNS settings to make sure that the corresponding record has proxy enabled (the cloud is orange).

6. Checking SSL Certificate Configuration

• Detection using an online tool: SSL Labs
• Confirmation that the certificate is valid and has not expired.
• Verify that the server configuration file correctly points to the certificate path.

7. Clearing the cache and testing

• Clear Cloudflare cache to avoid old configurations affecting access.
• Clear the server cache (if there is a caching plugin or CDN).
• Access the test site using a different network or device.

summarize

Error 521 Mostly caused by connection failures between Cloudflare and the server. Most problems can be resolved by adjusting firewall rules, checking ports, verifying DNS, managing web services, and maintaining SSL configurations. Keeping the server configuration synchronized with Cloudflare settings after a site migration can help avoid similar failures.

Contact Us
Can't read the tutorial? Contact us for a free answer! Free help for personal, small business sites!	Customer Service
① Tel: 020-2206-9892
② QQ咨詢：1025174874
(iii) E-mail: info@361sale.com
④ Working hours: Monday to Friday, 9:30-18:30, holidays off