How to Fix Cloudflare Error 520: Web Server Is Returning an Unknown Error

What Does Cloudflare’s Error 520 Mean?

When accessing a website, you may sometimes encounter the error message “Error 520: Web Server Is Returning an Unknown Error.” This frustrating error indicates that the web server is experiencing an issue that is preventing it from responding to requests properly. There are a few potential causes of the Error 520 message. It could be that the server is overloaded and unable to handle the volume of requests. The server may have crashed or be undergoing maintenance. There could also be a software bug or configuration issue on the server preventing it from responding correctly.

A network connectivity problem between the server and client can also lead to the Error 520. Regardless of the specific cause, Error 520 means the web server is unable to fulfill the request at the moment. Troubleshooting and correcting the underlying issue on the server side is necessary to resolve Error 520 and restore normal website functionality.

Being aware of the Error 520 meaning can help users understand why a site is inaccessible and what needs to be done to get it working again.

Key Takeaways

11 Easy Ways to Fix Cloudflare’s “Error 520 Web Server Is Returning an Unknown Error”

#1 Check Cloudflare Status Page

The first thing to check is Cloudflare’s status page at https://www.cloudflarestatus.com/. This provides an overview of any known issues with Cloudflare’s services and network that could be impacting connectivity.

If there are no reported problems, you can rule out a wider Cloudflare outage being the cause of the 520 errors. The issue likely lies specifically between Cloudflare and your origin server.

#2 Verify Origin Server Health

Next, you need to verify your origin web server is up and running properly. The 520 error means Cloudflare can’t reach it to fetch content to cache and serve visitors.

Sign into your hosting provider or server and check the status. Make sure the web server process is running and that you can access your site locally if it’s on-premises. Try loading pages directly without going through Cloudflare.

If your origin is down or not responding, focus on troubleshooting there first to bring it back online. Cloudflare can’t operate without being able to connect to your server.

#3 Check Firewalls and Network Config

If your origin server seems healthy, the next step is checking for any networking or firewall configurations that could be blocking Cloudflare’s access.

Cloudflare’s IPs are published at https://www.cloudflare.com/ips/ so you can whitelist them. However, restrictive server firewall policies can sometimes unintentionally cut off Cloudflare’s connectivity.

Double-check that the routing and DNS records between Cloudflare and your host are configured correctly. You may also need to open specific ports required for web traffic.

Your hosting provider can assist with identifying any issues if the server is hosted externally.

#4 Disable Caching

Another option is disabling Cloudflare’s caching entirely as a test. This forces all requests to hit your origin server directly, allowing you to see if traffic is able to pass through.

In the Cloudflare Dashboard, go to “Caching” and toggle the mode to “Off.” Monitor if the 520 errors persist during this time or if traffic begins reaching your site normally without caching enabled.

This can help narrow down where the connectivity breakdown is occurring. Don’t keep caching off permanently, as it will put an extra load on your origin server if the issue persists.

#5 Flush Cache

Alternatively, you can try flushing Cloudflare’s cache entirely. Over time, cached data can become stale, corrupt, or invalid. Wiping the cache forces Cloudflare to reload all content from your server.

In the Cloudflare Dashboard, go to the “Caching” section and select “Purge Everything.” This will purge all cached files across their entire global network. It may take some time to clear the cache fully.

Monitor the site after flushing the cache to see if Error 520 goes away. If so, a bad cache likely built up and needed to be wiped. Enable caching again after verifying the flush resolved the issue.

#6 Update Cloudflare IP Ranges

For sites using firewall whitelisting, another possibility is that Cloudflare’s IPs have changed and need to be updated in the firewall configuration.

Cloudflare announces IP range changes via email and on their Trust page. If IPs were updated recently, you’ll need to whitelist the new ranges.

Refer to the currently announced IPs at https://www.cloudflare.com/ips and update firewall policies accordingly. The IPs often shift every few months, so staying on top of changes helps avoid connectivity problems.

#7 Review Server Resources

In some cases, 520 errors may indicate your origin server is overloaded and unable to keep up with requests coming from Cloudflare’s network.

Review performance metrics like CPU, memory usage, concurrent connections, etc., to ensure your server has sufficient resources allocated. If site traffic has grown, load time may have increased substantially.

Consider scaling up your server or optimizing resource-intensive applications to handle the load. Slow origin servers lead to timeouts and 520 errors.

#8 Check Origin Certificates

If you are using HTTPS between Cloudflare and your origin, another factor can be expired SSL certificates or misconfigured SSL certificates on the origin server.

Cloudflare needs to make a verified SSL connection to fetch and cache content. Review that the original SSL certificate is valid and installed properly.

The certificate should match the origin domain, be signed by a trusted CA, and have a valid period before expiration. This is required for Cloudflare to establish a secure connection.

#9 Review Origin TLS Settings

Related to certificates, you may also need to review that your origin web server’s SSL/TLS settings are compatible with Cloudflare requirements:

Older protocols like SSLv3 or TLS 1.0/1.1 may need to be disabled as Cloudflare phases out support. Weak ciphers like RC4-SHA can also cause issues.

Compare your origin TLS configuration against Cloudflare’s origin TLS guidance to identify potential mismatches.

#10 Try Different Origins

As a test, you can attempt switching origins to a different server. Set up a simple origin environment, such as hosting a static HTML file on S3 or using a hosted service with a trial account.

Configure that as your temporary origin and see if Cloudflare is able to fetch content, eliminating your infrastructure as the culprit.

This can help determine if the 520 issue is isolated to your origin or exists across multiple sources. Fix any origin-specific problems before switching back.

#11 Contact Cloudflare Support

If you still cannot resolve the Error 520 issue after thoroughly checking connectivity and your origin server, reach out to Cloudflare support for assistance.

Provide any details you’ve gathered from troubleshooting and any Cloudflare settings or policies that could be involved.

There may be a configuration problem on Cloudflare’s side or incompatibility with certain features specific to your site. Their team can investigate and identify the cause of the 520 errors.

Final Thoughts

Resolving Cloudflare’s Error 520 message and restoring normal site functionality requires methodically troubleshooting between Cloudflare and your origin infrastructure to identify the connectivity breakdown. Follow the step-by-step guide outlined here to check possible causes like server issues, network restrictions, cache problems, and misconfigurations.

Be sure also to leverage Cloudflare’s tools, like disabling caching and flushing the cache to test theories, and don’t hesitate to engage their support team. With a systematic approach, the root cause of the 520 errors can be uncovered and addressed, whether on your hosting provider side, within Cloudflare or along the network path between them.

Getting to the bottom of the issue will allow visitors to your site to bypass the 520 message and access your content again through Cloudflare’s CDN and security protections.

Frequently Asked Questions about Fixing Cloudflare Error 520

Here are some common questions and answers about troubleshooting and fixing Cloudflare’s Error 520 issue:

What causes the Cloudflare Error 520 message?

The 520 error means Cloudflare can’t establish a connection with your origin web server to fetch content to cache and serve visitors. It’s typically caused by an issue or misconfiguration either with your origin, Cloudflare, or the network path between them.

Does Error 520 mean my server is down?

Not necessarily. Your origin server could be up and running but unreachable from Cloudflare’s network due to firewall rules, network routing problems, invalid SSL certificates, or other connectivity issues that block requests. Always check the origin server’s health first, but don’t assume it’s down.

Can my hosting provider firewall block Cloudflare?

Yes, hosting providers often have firewalls that can block Cloudflare’s IPs unintentionally if the IP ranges aren’t whitelisted. Work with your hosting provider to ensure their firewalls allow connections from Cloudflare’s published IP ranges.

Why does Error 520 happen even with a healthy origin server?

With a working origin, the issue is almost always network-related. You’ll need to troubleshoot routing, DNS configuration, firewall policies, SSL certificates, and TLS settings to find where the breakdown in connectivity is occurring between Cloudflare and your origin.

Should I disable Cloudflare caching to fix Error 520?

Temporarily disabling caching can help rule out issues with Cloudflare’s cached content, but don’t leave it off permanently. Flushing the cache can also force fetching fresh content from your origin.

Why does flushing the cache help fix Cloudflare Error 520?

Over time, cached content can become stale, corrupted, or invalid. Flushing Cloudflare’s cache clears out any bad cached data so fresh content can be re-fetched from your origin server. If the 520 error goes away after a flush, a bad cache is likely the issue.

What could cause my Cloudflare certificate not to be verified?

The most common SSL issues are an expired certificate on the origin, the wrong certificate being served, or incompatible cipher settings on the origin server. Double-check those issues to ensure Cloudflare can make a verified HTTPS connection.

Should I contact Cloudflare support for Error 520 issues?

Yes, after thoroughly checking your origin server health and connectivity path, Cloudflare support can help investigate and pinpoint any configuration issues on their side or incompatibilities causing the 520 errors. They may spot something in your specific settings and policies.

How can Cloudflare not reach my origin?

Some troubleshooting steps, such as disabling caching, flushing cache, and trying alternate origins, can provide clues about whether the issue is with your own infrastructure or Cloudflare’s. Cloudflare support can also run diagnostics to identify the exact point of failure.

Can my origin server cause Error 520 if it’s slow or overloaded?

Yes, an overloaded origin that is slow to respond can lead to timeouts and 520 errors from Cloudflare’s side. Make sure your origin has sufficient resources to handle the levels of traffic passing through Cloudflare’s network. Scaling up your server may help.

How can I prevent Error 520 in the future after fixing it?

Set up monitoring on your origin server and its network path to monitor performance metrics and uptime. Watch for Cloudflare IP and TLS changes and keep configurations updated. If issues recur, talk to Cloudflare support about permanent solutions.

Priya Mervana

Verified Web Security Experts

Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.