July 13, 2023
6 Ways To Fix Cloudflare’s Error Code 521 in WordPress

You being here suggests that your website’s visitors are getting error code 521 when they enter the URL in the browser — i.e., your website is inaccessible to your customers.

Knowing that such a downtime can cost more than $300,000 for 91 percent of enterprises, let’s quickly figure out what error 521 means and how to troubleshoot it.

Here’s what we’ll cover:

Error code 521

Error code 521, or “Error 521: Web server is down,” is an error your visitors see if Cloudflare can’t access your website’s server. In other words, your visitors can reach the servers of your content delivery network (CDN), but the CDN can’t reach you.

Common causes of this error include an unavailable web server, a misconfigured Cloudflare configuration, or an invalid Secure Sockets Layer (SSL) certificate.

Error 521: Web server is down — a Cloudflare error.

How to fix error code 521

Now that we know what error 521 is, let’s see how to troubleshoot it.

1. Verify that your website is online

When you set up Cloudflare as a reverse proxy for your website’s server, it acts as a bridge between your customers and your website. Your website visitors pass through this bridge to find your website on the other end.

If your visitors encounter error 521, the first thing you need to do is check if the bridge's destination is still online.

You can use the cURL command to interact directly with your website’s server and request a response.

Open the command prompt or terminal (if using macOS or Linux) and enter the following code:

curl --silent --output /dev/null --write-out "%{http_code}" https://yourwebsite.com

Note: Replace “https://yourwebsite.com” with your website’s URL.

You’ll get an output in the form of an HTTP status code. If it’s 200, your website server is online.

For instance, here’s the output of this code if we use cURL to interact with our website.

cURL response of https://www.nexcess.net.

If you don’t want to work with the command prompt or terminal, try out KeyCDN’s HTTP Header Checker.

KeyCDN’s HTTP Header Checker.

However, getting a 5xx status code means the server failed to respond to your request — and you have a server error.

Note: If you get HTTP code 301, don’t worry. It means that WordPress has set up a 301 redirect for non-WWW to WWW URL, or vice versa. That typically happens if your website’s default address is “https://www.nexcess.net,” and you enter “https://nexcess.net.” You may enter the correct address to get the actual response code.

In case of a server issue, bring it up with the hosting provider’s support team to see if they’re doing any maintenance on the server. You can also check your hosting provider’s status page to see if the servers are offline.

Alternatively, if your hosting provider doesn’t offer immediate support, you may check out the error logs via cPanel to troubleshoot the server issues.

Accessing Apache errors log via cPanel for troubleshooting error 521.

If your hosting provider’s servers suffer from frequent downtimes, consider Nexcess. We reliably offer almost 100 percent uptime with all our hosting plans. Besides that, our expert support team is available 24/7/365 to help you with any technical issues.

2. Remove blockers between Cloudflare and your website

If your website is online, the error 521 might be due to a misconfiguration preventing Cloudflare from accessing your website’s files.

The issue can be in your .htaccess file, IP Blocker rules, or security plugin. Let’s see how to fix each one.

Whitelist Cloudflare IP addresses in your .htaccess file

Cloudflare uses a set of IP addresses to direct incoming traffic to your web server. Ensure all those IP addresses are whitelisted or allowed on your web server.

Here’s how to whitelist IP addresses in the server configuration:

1. Open the .htaccess file via an FTP client or using the file manager in cPanel.

Editing .htaccess file from the file manager.

2. Add the following code:

order deny, allow
deny from all

3. Add allow from [Cloudflare IP addresses]. Replace [Cloudflare IP addresses] with one of the actual IP addresses on each line, as shown in the image below.

Adding Cloudflare IP addresses in .htaccess.

4. Save your .htaccess file.

Check IP Blocker settings

If you’re using a cPanel-based host, IP Blocker can help you block your website from a specific IP address or a range of IP addresses.

Review the IP Blocker settings to ensure one of the admins hasn’t added Cloudflare IP ranges to it by mistake.

IP Blocker in cPanel.

Disable your security plugin

There’s a chance your security or firewall plugin might be blocking Cloudflare requests. To rule that possibility out, disable the plugin and see if it resolves error 521. If it does, contact the plugin developers or replace your security plugin.

3. Review Cloudflare DNS settings

Log in to your Cloudflare account and navigate to [yourwebsite.com] > DNS > Records.

Once there, ensure that content for all A records matches the origin web server’s IP address and that the content for CNAME records contains your website’s domain name.

DNS settings in Cloudflare.

If one of the records is incorrect, you may modify the record by clicking Edit.

Editing DNS records.

4. Install a valid SSL on the origin web server

Cloudflare SSL/TLS encryption mode settings.

If you’ve configured the SSL/TLS settings on Cloudflare as Full (strict), Cloudflare performs a certificate validation between itself and your server.

And if your website’s SSL certificate comes across as expired or self-signed or doesn’t match the domain, Cloudflare will cut off the connection. In that case, your visitors will see error 521 in their web browser.

You may need to install a Cloudflare Origin Certificate Authority (CA) certificate on your server to fix this issue. You can get a Cloudflare Origin CA certificate by navigating to [yourwebsite.com] > SSL/TLS > Origin server and clicking Create certificate.

Creating an Origin CA certificate.

Afterward, you can add the Cloudflare origin certificate to your web server by following your hosting provider’s directions.

However, if you manage sensitive data or need to comply with PCI-DSS requirements, you may be better off with a premium SSL certificate.

5. Deactivate mod_reqtimeout and mod_antiloris

You might have enabled mod_reqtimeout and mod_antiloris modules on your Apache HTTP server to prevent denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. The modules shield your web server from these attacks by limiting the number of times an IP server can connect with your server.

While mod_reqtimeout and mod_antiloris serve as a protective shield for your hosting server, they might have incompatibility issues with Cloudflare.

For instance, Cloudflare relies on a limited number of IP addresses to direct traffic to your server, but the modules might block those addresses due to consecutive connection attempts.

6. Contact customer support

If none of the solutions above work for you, it’s time to get outside help.

Get Cloudflare’s support via ticket, chat, or phone by navigating to Support > Contact Cloudflare if your website functions fine without Cloudflare’s CDN.

If the website’s hosting server is down, contact your web hosting provider’s support team. With Nexcess, you get 24/7/365 support from expert technicians who handle the troubleshooting from start to finish and let you focus on other business tasks.

Final thoughts: 6 ways to fix Cloudflare’s error code 521 in WordPress

If you own an ecommerce business or manage an enterprise, you don’t want to keep seeing error code 521 for long. Every second your website stays inaccessible, you leave more money on the table.

With the tips above, you can try to fix the error as soon as possible. However, prevention is better than cure.

At Nexcess, our experts handle the server configuration for you, so you rarely have to worry about an error 521. Not to mention, our enterprise hosting plans come with 24/7/365 support from elite technicians, always on standby if anything breaks loose.

Besides that, you can also try our free built-in Nexcess Edge CDN, which is powered by Cloudflare, to bypass error code 521 since Nexcess experts handle everything, as opposed to Cloudflare itself, where you have to configure the CDN manually.

Check out our hosting plans to get started today.

Maddy Osman
Maddy Osman

Maddy Osman is a WordPress expert, WordCamp US speaker, bestselling author, and the Founder and SEO Content Strategist at The Blogsmith. She has a B.A. in Marketing from the University of Iowa and is a WordCamp Denver organizer while also operating The Blogsmith, an SEO content agency for B2B tech companies that works with clients like HubSpot, Automattic, and Sprout Social. Learn more about The Blogsmith's process and get in touch to talk content strategy: www.TheBlogsmith.com

We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.