If you’ve used Cloudflare for a while, you’ll inevitably see the following error one day:
Error 523: Origin is unreachable
This one is very simple to understand compared to some of the other Cloudflare errors. For one reason or another, Cloudflare is unable to contact your server. If you don’t have the “Always Online” feature enabled, your visitors won’t be able to access your website until you resolve the issue.
Unfortunately, the error doesn’t explain why your origin server is unreachable beyond a few suggestions. So here’s what we will cover in our article to help fix the error:
- Ways To Fix Error 523: Origin is Unreachable
- How “Always Online” Interacts with Cloudflare Error 523
- Contacting Cloudflare Support: Business or Enterprise Plans
- Bottom Line: Error 523 is Usually a Problem on your Server
Ways To Fix Error 523: Origin is Unreachable
Here are some troubleshooting steps to fix the problem.
1. Just Wait – It Might Fix Itself
Sometimes just waiting for a few minutes can solve the problem. Servers experience temporary outages all the time. Maybe it’s restarting, or your application crashed and is initializing once again. Beyond this, web hosts sometimes take down servers for maintenance. They almost always warn you before this happens, and they try to do it during off-peak hours. But when they do, you’ll get the “Origin is Unreachable” error from Cloudflare.
Granted, waiting a few minutes might not be the easiest thing to do when you’re freaking out while your website is down. So in the meantime, you can proceed to check the following.
2. Check your DNS Settings
If you haven’t changed anything on your end, there’s no reason why your DNS settings would be wrong, but there’s no harm in checking. In your Cloudflare dashboard, open your DNS dashboard and verify that the IP address next to your domain name is correct, as shown here:
Go to your web hosting dashboard, and verify that the IP address in your cPanel is the same as the one under the DNS record type “A”. On NameHero, you can see the IP address as shown here:
The IP address should match the one in the earlier screenshot.
3. Fixing Dynamic IP Addresses with DNS-O-Matic
Web hosts don’t change IP addresses often, but it does happen. It’s more likely on a shared hosting server, as a VPS generally comes with a dedicated IP (though not always). If your web host changes the IP address of your server, then you’ll get the 523: Origin Unreachable error on Cloudflare.
Some services monitor IP address changes and use Cloudflare APIs to change the DNS addresses. One of these services DNS-O-Matic is recommended by Cloudflare itself. Using the service is simple. Sign up for an account, choose Cloudflare as your service provider, and give them your Cloudflare API token as shown here:
If you set it up correctly, the service will monitor your website for DNS changes and then use the Cloudflare API key to change your Cloudflare DNS settings dynamically. It’s an excellent service; you should use it if your web host frequently changes your IP address.
4. Check if SSL/HTTPS is the Problem
The 523: Origin Unreachable error can crop up if you’ve just enabled SSL or HTTPS on your server and Cloudflare cannot connect to your SSL port (usually 443). If this happens, check if your firewall is blocking either Cloudflare or all incoming connections to port 443. You should contact your web host if you don’t know how to do this.
5. Disable Railgun and Try Again
Railgun is a Cloudflare service that sounds cool in theory but doesn’t work well in practice – at least not for me. I’ve written about my previous experiences with Railgun, and though I’d like it to work, it can introduce weird lags into your website connections. But since Railgun relies on software configured on the server, something can break and render your origin server unreachable. Moreover, Railgun appears to be an old technology that isn’t updated, so I would advise against it.
For a more modern approach, check out Cloudflare’s latest Cache Reserve functionality that can cache entire pages for improved speed.
6. Pause Cloudflare and Check your Error Messages
If you’re confident that your IP address is correct, one way to troubleshoot the problems on your server is to pause Cloudflare temporarily. You can do this from the “Overview” page of your account after selecting the domain you want to disable. Here’s a screenshot of what the option looks like:
The above option disables all Cloudflare functionality other than DNS routing. If your origin server is truly unreachable, you might be able to see the error and fix it.
7. Check for an Overloaded Database or Site
This troubleshooting step belongs to the broader category of things that can cause your website to crash. A widespread issue is that your site is overworked – either as a victim of its success or because of spam. Unfortunately, troubleshooting this kind of problem isn’t easy because your site can fail unpredictably when the load is high and work perfectly fine when the load is low. For this reason, even calling tech support is often futile.
This isn’t the place to get into the weeds on how to improve your server’s performance. But warning signs include excruciatingly slow load times, particularly for backend applications that don’t have caching. You can also consult your visitors’ logs to unearth spamming attempts, though ideally, Cloudflare would mitigate some of the common attacks.
How “Always Online” Interacts with Cloudflare Error 523
Cloudflare’s “Always Online” feature shows a watered-down version of your site even when the origin is unreachable. Naturally, there are severe limits to how your users can interact with a cached version of your site, but for public content, this feature can make the difference between a failed visit and a successful one.
Since Cloudflare announced its integration with the Internet Archive in 2020, it backs up publicly-facing pages of your website on a frequency that depends on your plan.
- Free customers: Once every 30 days
- Pro customers: Once every 15 days
- Enterprise customers: Once every 5 days
Cloudflare generates this cached copy for the error range 520 to 527, so 523 falls in the middle. If the problem at your origin server is only temporary, then hopefully, the Always Online service will tide you over until you can figure out what went wrong and fix it.
Contacting Cloudflare Support: Business or Enterprise Plans
If you’re convinced that your origin server is running well and that your IP address in the DNS settings is correct, then you have no option but to contact Cloudflare customer support. Unfortunately, unlike a web hosting service, Cloudflare only offers live chat and priority e-mail support if you have a Business or Enterprise plan. You get the first response in under 2 hours on these two plans. But on other plans, you might have to wait a while before they respond to you.
In the meantime, I suggest you disable Cloudflare’s functionality and retain only the DNS resolving mechanism. You can do this by clicking the orange cloud icon next to your domain names in the Cloudflare DNS dashboard, as shown here:
This ensures that all traffic to your site will be “pass-through” without being touched by Cloudflare. It’s an excellent way to pause Cloudflare for extended periods while you work out what went wrong.
Bottom Line: Error 523 is Usually a Problem on your Server
Even though Cloudflare can occasionally be at fault, chances are that the 523 error of an unreachable origin is a problem with your server or the IP address that you provide to Cloudflare for DNS resolution. By analyzing your server logs and ensuring that your server has enough resources to function, you can prevent it from happening again.
If you are a NameHero customer, we’d be happy to help. Just create a ticket from your client area or start a live chat with one of our representatives.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!