CDN Error Guide
Comprehensive guide to understanding and resolving CDN-specific errors, primarily from Cloudflare. These errors occur at the edge between the CDN and your origin server.
Web Server Returned an Unknown Error
Cloudflare cannot determine what went wrong with the origin server.
Common Causes
- •Origin server returned an empty or invalid response
- •Origin server closed connection unexpectedly
- •Protocol mismatch between Cloudflare and origin
Solutions
- ✓Check origin server error logs
- ✓Verify origin server is responding correctly
- ✓Ensure origin accepts connections from Cloudflare IPs
- ✓Check for rate limiting on origin server
Web Server Is Down
The origin server refused connections from Cloudflare.
Common Causes
- •Origin server is offline or unreachable
- •Firewall blocking Cloudflare IP ranges
- •Network connectivity issues
- •Origin server overloaded
Solutions
- ✓Verify origin server is running and accessible
- ✓Whitelist Cloudflare IP ranges in firewall
- ✓Check DNS settings point to correct origin
- ✓Ensure origin has sufficient resources
Connection Timed Out
Cloudflare timed out contacting the origin server.
Common Causes
- •Origin server is overloaded and slow to respond
- •Network latency or packet loss between Cloudflare and origin
- •Long-running requests exceeding timeout
- •Firewall dropping packets
Solutions
- ✓Optimize origin server performance
- ✓Increase origin server timeout settings
- ✓Scale up origin server resources
- ✓Check network connectivity and latency
- ✓Review and optimize slow database queries
Origin Is Unreachable
Cloudflare could not reach the origin server.
Common Causes
- •DNS records for origin are incorrect
- •Origin IP address has changed
- •Network routing issues
- •Origin server hosting provider issues
Solutions
- ✓Verify DNS A/AAAA records are correct
- ✓Check origin IP address hasn't changed
- ✓Contact hosting provider about network issues
- ✓Verify origin is not behind a firewall blocking Cloudflare
A Timeout Occurred
Cloudflare made a successful connection but the origin didn't respond in time.
Common Causes
- •Long-running requests exceeding 100s timeout
- •Slow database queries
- •Resource-intensive operations
- •Application-level timeouts
Solutions
- ✓Optimize slow queries and operations
- ✓Implement background job processing for long tasks
- ✓Use caching to reduce origin load
- ✓Optimize application code performance
- ✓Consider using Cloudflare Workers for long-running tasks
SSL Handshake Failed
Cloudflare couldn't negotiate an SSL/TLS handshake with the origin server.
Common Causes
- •Origin certificate is invalid or expired
- •SSL protocol mismatch
- •Cipher suite incompatibility
- •Self-signed certificate not trusted
Solutions
- ✓Ensure origin has valid SSL certificate
- ✓Update to modern TLS version (1.2+)
- ✓Configure compatible cipher suites
- ✓Use Cloudflare Origin CA certificate on origin
Invalid SSL Certificate
Cloudflare couldn't validate the SSL certificate on the origin server.
Common Causes
- •Origin certificate is expired
- •Certificate hostname mismatch
- •Untrusted certificate authority
- •Incomplete certificate chain
Solutions
- ✓Renew expired SSL certificate
- ✓Ensure certificate matches origin hostname
- ✓Install complete certificate chain
- ✓Use Cloudflare Origin CA or trusted CA certificate
Origin DNS Error
Cloudflare encountered an error resolving the origin hostname.
Common Causes
- •DNS records are missing or incorrect
- •DNSSEC validation failure
- •DNS server is down
- •Recently changed DNS not yet propagated
Solutions
- ✓Verify DNS A/AAAA records exist and are correct
- ✓Check DNSSEC configuration if enabled
- ✓Wait for DNS propagation (up to 48 hours)
- ✓Test DNS resolution with dig or nslookup
About CDN 5xx Errors
CDN-specific errors (520-530 range) indicate issues between the CDN edge and your origin server. Unlike standard HTTP errors, these require checking both CDN configuration and origin server status.
When troubleshooting CDN errors, always check:
- Origin server is running and accessible
- Firewall rules allow CDN IP ranges
- SSL certificates are valid and properly configured
- DNS records are correct
- Origin server has sufficient resources