How to Fix Cloudflare 522 Error?


If you are a website owner, you may have encountered the Cloudflare 522 error. This error occurs when Cloudflare is unable to establish a secure connection with the origin server. This can be caused by a variety of issues, including network congestion, server configuration, or even a firewall blocking the connection. Fortunately, there are a few steps you can take to fix the Cloudflare 522 error and get your website back up and running. In this guide, we will discuss the causes of the Cloudflare 522 error and provide some tips on how to fix it.

How to Fix Cloudflare 522 Error?

1. Check your server’s connection: Make sure your server is connected to the internet and is not experiencing any connection issues.

2. Check your firewall settings: Make sure your firewall is not blocking the connection from Cloudflare.

3. Check your DNS settings: Make sure your DNS settings are correct and that the domain is pointing to the correct IP address.

4. Check your origin server: Make sure your origin server is up and running and is not experiencing any issues.

5. Check your SSL certificate: Make sure your SSL certificate is valid and up to date.

6. Check your browser settings: Make sure your browser is not blocking the connection from Cloudflare.

7. Contact Cloudflare Support: If you are still experiencing the 522 error, contact Cloudflare Support for further assistance.


Cloudflare error 522 is an error code indicating that a server cannot access the target webpage. The 522 code is also referred to as the connection timeout error.

This article explains what the error is, why it occurs, and how to fix the Cloudflare 522 error.

How to Fix Cloudflare 522 Error?

What is a 522 Error?

Cloudflare is a content delivery network (CDN) service that accelerates and secures website connections. However, when a website’s origin server fails to respond within a certain timeframe, users encounter an error code called Cloudfare 522 error. This error code is often accompanied by the message Connection timed out or Cloudflare error 522.

The 522 error occurs when the Transmission Control Protocol (TCP) handshake between the web server and a website that uses Cloudflare as the CDN fails.

These are the steps in this three-way handshake:

1. Cloudflare initiates a connection request by sending a packet with the SYN (Synchronize) flag to the origin server.

2. The origin server receives the packet and acknowledges the connection request by sending the SYN-ACK packet to Cloudflare.

3. Cloudflare receives the SYN-ACK packet. To confirm the connection and complete the handshake, the CDN is expected to respond with the packet with the ACK (Acknowledgement) flag.

Successful TCP handshake diagram.

The ACK flag confirms that the Handshake is a success and that the communication continues.

However, if the origin server does not respond with SYN-ACK in time and the packet fails to reach Cloudflare, the CDN does not send the ACK signal, resulting in an unsuccessful handshake.

Unsuccessful TCP handshake diagram.

Cloudflare returns a 522 error to the user’s browser, indicating that the connection has timed out and the server is unable to establish a connection with the website.

Cloudfare 522 error

What Causes a 522 Error?

The unsuccessful handshake is the root cause of error 522. However, the server’s slow response time has various reasons. The most common causes of the 522 error are:

  • Slow or unstable internet. Network connectivity issues and latency are caused by incorrect DNS settings, issues with the client’s Internet Service Provider (ISP), or a blocked/limited connection by the client’s firewall or other security software.
  • Server overload. If the server is experiencing high traffic or undergoing maintenance or updates, a timely response to the client’s request is unlikely.
  • Offline server. The server won’t complete the TCP handshake with the client if it’s offline or unresponsive due to misconfiguration.
  • SSL certificate issues. When an SSL certificate is expired, invalid, or revoked, the browser does not trust it, and as a result, does not establish a secure connection with the server.
  • Routing problems. If the traffic is being routed through an unreliable or congested network, the handshake fails.

How to Fix a 522 Error?

The first step to fixing the 522 code is to see if the website is down for everyone and by checking the Cloudflare system status page. However, if the website is working and the problem persists, several effective ways help website owners troubleshoot and fix the issue.

The following sections present common steps to take to resolve the 522 error.

Step 1: Optimize the Origin Server

The origin server, which hosts the website, is crucial in delivering content to visitors. Server overloading leads to slow or unresponsive servers causing the 522 error. Optimize the origin server and increase its capacity to address overloading, by completing this checklist:

  • Check the server’s CPU and memory usage. Upgrade to a higher capacity server or add more resources to the existing one if the server is overloaded.
  • Use software like Apache or NGINX to optimize the server performance and allow it to handle a large number of requests without slowing down.
  • Monitor network bandwidth and web traffic to identify potential bottlenecks. Different online tools provide data on website usage, page load times, and other metrics and help pinpoint where traffic is slowing down.
  • Review and optimize database queries.
  • Reduce the size of website files, images, and scripts.
  • Monitor the network connection between the origin server and Cloudflare to ensure that the server is accessible from Cloudflare’s network.
  • Configure a load balancer correctly to ensure the balancer is able to handle traffic spikes.

Step 2: Check the Firewall Settings

Firewalls sometimes block traffic from Cloudflare, which causes the 522 error. To prevent this, check whether you can reach the website from outside the network. Try accessing the website from a different network or use an online tool to check the accessibility. If the website is restricted, then the firewall is blocking traffic from Cloudflare.

Moreover, make sure any third-party firewall is configured correctly. Whitelisting Cloudflare IPs in the firewall settings prevents your firewall from blocking Cloudflare traffic. Cloudflare provides a list of IP addresses and ranges to add to the firewall’s whitelist to allow Cloudflare traffic.

Step 3: Customize DNS/IP Settings

Incorrect DNS configuration is one of the causes of the 522 error. To review Cloudflare DNS settings and fix potential issues, select the website on the Cloudflare control panel and:

1. Click the DNS tab.

Cloudfare DNS settings

2. Review the Address Record (A Record) to ensure that the IP addresses on both the hosting servers and Cloudflare are the same. Different IP addresses are a possible 522 error cause.

3. If the A records are different, find the A record with the incorrect IP address.

4. Click the pencil icon to edit the record.

5. Enter the correct IP.

 6. Click Save.

Step 4: Check for SSL Certificate Issues

A valid and up-to-date SSL certificate is essential to prevent the Cloudflare 522 error. The padlock icon in the browser’s address bar provides a quick indication of whether a website uses a valid SSL certificate.

Connection is secure

Select the Connection is secure option to confirm that the certificate is valid:

SSL certificate is valid

However, the padlock does not offer exhaustive information about the certificate’s expiration date or any other issues behind the 522 error. To get more details about the SSL certificate, use an online SSL Checker tool and look for:

  • Expired certificates.
  • Certificate chain errors with a missing or incorrect intermediate certificate.
  • Mismatched certificates that don’t match the website domain name or hostname.

Renew the certificate with the certificate authority or install the correct one to fix these issues.

Other issues, such as weak cipher suites or incorrect SSL configuration, require editing the SSL file.

Step 5: Turn on KeepAlive

KeepAlive is a header that maintains a constant connection between a client and a server. Both Cloudflare and the origin web server use KeepAlive.

Cloudflare employs the KeepAlive header to maintain an open HTTP connection between a client and a server for a longer period. This process enhances performance and reduces the number of times the client needs to reestablish a connection.

On the origin server, KeepAlive is enabled by default. However, If the header is disabled, 522 happens due to connection failure.

To fix error 522, adjust the KeepAlive setting in the web server’s configuration file, by adding the following:

KeepAlive On

For example, the Apache configuration file in Ubuntu is located at /etc/apache2/apache2.conf. To turn on KeepAlive, access the terminal and follow these steps:

1. Open the Apache configuration file in Vim or another text editor:

sudo vim /etc/apache2/apache2.conf

2. Search for the KeepAlive line in the file. If the line is not there, add the following:

KeepAlive On
KeepAlive on apache config file

3. Save and exit the file.

4. Restart the Apache service to apply the changes:

sudo service apache2 restart
sudo service apache2 restart terminal output

Step 6: Check the Cloudflare Configuration

Review the Cloudflare configuration to ensure that it is set up correctly and that no issues are causing the 522 error

To accomplish this, check DNS, SSL, and firewall settings. Additionally, verify that the origin server is configured properly and responding to HTTP requests.

Step 7: Enable Cloudflare’s Under Attack Mode

If the issues persist even after following the steps above, enable the Cloudflare Under Attack mode. This security feature enhances the protection against DDoS (Distributed Denial of Service) attacks and helps mitigate the 522 error. The Under Attack mode blocks malicious traffic and prevents it from reaching the origin server, which reduces the response time.

While there are several ways to enable Under Attack mode, the easiest one is through the Quick Actions section. After logging into the Cloudflare account, follow these steps:

1. Choose the website for which you want to enable the Under Attack mode.

2. Navigate to the menu at the top of the page.

3. Select the Overview tab.

Cloudflare overview tab

4. Scroll down to the Quick Actions section.

5. Click the DNS Settings tab.

5. Toggle the I’m Under Attack switch.

Activate under attack mode

Step 8: Contact Cloudflare-Support

Get in touch with Cloudflare Support if all the other options fail. To access the Support options, choose Support from the top menu and click Contact Cloudflare.

Contact Cloudflare

Cloudflare offers two ways of support. The Live chat option is limited to Business and Enterprise accounts only. However, Support tickets are available for everyone.

Cloudflare support options


After reading this article you know how to fix the Cloudflare 522 error.

Next, learn how to fix Cloudflare errors 520 error, 521 error, and 526 Invalid SSL Certificate.

How to Fix Cloudflare 522 Error?

Cloudflare 522 error is a common issue that can occur when trying to access a website. This error is caused by a connection timeout between Cloudflare and the origin web server. It can be caused by a variety of factors, including network congestion, server maintenance, or a misconfigured firewall.

Steps to Fix Cloudflare 522 Error

  1. Check the origin web server: The first step is to check the origin web server to make sure it is online and responding to requests. If the origin web server is offline or unresponsive, the 522 error will occur.
  2. Check the firewall: If the origin web server is online, the next step is to check the firewall. Make sure the firewall is configured correctly and is not blocking requests from Cloudflare.
  3. Check the network: If the firewall is configured correctly, the next step is to check the network. Make sure there is no network congestion or other issues that could be causing the 522 error.
  4. Check the DNS: If the network is functioning properly, the next step is to check the DNS. Make sure the DNS records are configured correctly and are pointing to the correct IP address.
  5. Check the SSL certificate: If the DNS is configured correctly, the next step is to check the SSL certificate. Make sure the SSL certificate is valid and not expired.
  6. Check the origin web server configuration: If the SSL certificate is valid, the next step is to check the origin web server configuration. Make sure the web server is configured correctly and is not blocking requests from Cloudflare.
  7. Check the Cloudflare configuration: If the origin web server is configured correctly, the next step is to check the Cloudflare configuration. Make sure the Cloudflare settings are correct and are not blocking requests from the origin web server.

If all of the above steps are completed and the 522 error persists, contact Cloudflare support for further assistance.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.

Jassweb, Rai Chak, Punjab, India. 143518