Error 521 message receives when the origin web server stops the connection from Cloudflare.
More specifically, Cloudflare tried to connect to your origin server on port 80 or 443, you have received a connection refused error message.
The two main causes of occurring 'Error 521' message are as follows:
When the webserver is offline
The origin web server process might not be working promptly or has failed. In such cases, you have to follow below steps.
1) Check whether your web server is working normally or not.
2) Review the server's error logs to know what is leading to the error.
If you're unable to do these tasks, contact your service providers.
When Cloudflare requests are blocked
The origin web server or hosting provider's network may block Cloudflare's requests.
As a reverse proxy, Cloudflare connects to your server from a Cloudflare IP and all consequent traffic comes particularly from a smaller set of Cloudflare IPs.
As a result, some server-side security solutions might mistake the increase in accepted connections from this smaller set of IPs as an attack. It results in some Cloudflare IPs being blocked or rate-limited.
To solve this issue, allow listing all Cloudflare IP ranges in your server's firewall or any other security software at the origin. See the list of Cloudflare IP ranges.
If you are not able to allow list Cloudflare IPs, you have to contact your service providers.
Troubleshoot Error 521
You can use third-party tools like cURL or Telnet to test origin server response.
An example shows below: you require to replace IP address 49.32.3.45 with the IP address of your origin server. Also, you can drive these tests upon port 443.
Test with cURL
cURL entitles you to simulate an HTTP request, so it is a good means for verifying that your origin server is running correctly. You can run cURL through the Terminal command-line tool on Mac OS or Linux.
Run a cURL command against your server IP using the A record or CNAME for your domain shown in the DNS app of the Cloudflare dashboard.
curl http://49.32.3.45 -v
If successful, you should get an HTTP 200 response along with the HTML of your website. A failed cURL request seems similar to this:
curl 49.32.3.45
curl: (7) Failed to connect to 49.32.3.45 port 80: Connection declined
Test with Telnet
Windows users can test a connection using Telnet (via the Command Prompt).
Run a command similar to this:
telnet 49.32.3.45 80
An error shows, such as:
Unable to connect to remote host: Connection refused
It means that your web server is not working or it is blocked.
A refused connection error would look similar to this:
# telnet 49.32.3.45 80 Trying 49.32.3.45... telnet: connect to address 49.32.3.45: Connection refused telnet: Unable to connect to the remote host
Conclusion
If you host at ucartz and are still experiencing the 521 Error after implementing these tweaks, our support team will be able to help – just reach out through the support ticket. If you are not a customer of ucartz and you need emergency support, you can hire us for a one time fix through our hire an administrator service.