The two most common Cloudflare errors are 521 – Web server is down and 522 – Connection timed out. You can read more about these errors by following the links in the References section. In many cases, these errors are caused by the firewall on the origin server blocking Cloudflare's requests. The first step in troubleshooting the issue is to whitelist the Cloudflare IPs.
At the time of writing, the Cloudflare IPs are:
#cloudflare start IPv4
Cloudflare IPv4 IPs
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
131.0.72.0/22
#cloudflare end
#cloudflare start IPv6
Cloudflare IPv6 IPs
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32
#cloudflare end
You should whitelist both sets of IPs (IPv4 and IPv6) on your server. Many web hosting servers use CSF; on those, add these IPs to the file /etc/csf.allow. Don’t forget to restart CSF afterwards so the change takes effect.
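The whitelist step above as a repeatable script; this is an added example, not code from the original post. It goes beyond the plain entries listed above: a bare IP in csf.allow is allowed on every port, so the script writes CSF advanced allow filters limited to inbound TCP 80 and 443. The function names and the ranges.txt file (one CIDR per line) are assumptions.

```shell
#!/bin/sh
# Rebuild the "#cloudflare start" ... "#cloudflare end" block of a csf.allow-style
# file from a list of CIDRs, allowing each range on inbound TCP 80/443 only.

# cf_rules LISTFILE: print one CSF advanced-filter rule per CIDR; fail on any
# line that is not an IPv4 or IPv6 CIDR so a bad list never reaches the firewall.
cf_rules() {
    v4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    v6='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case $cidr in ''|'#'*) continue ;; esac
        if printf '%s\n' "$cidr" | grep -Eq -e "$v4" -e "$v6"; then
            printf 'tcp|in|d=80,443|s=%s\n' "$cidr"
        else
            echo "rejected entry: $cidr" >&2
            return 1
        fi
    done < "$1"
}

# update_allow ALLOWFILE LISTFILE: keep unrelated entries, drop every old
# Cloudflare block, append one fresh block, then replace the file in one rename.
update_allow() {
    rules=$(cf_rules "$2") || return 1
    [ -n "$rules" ] || return 1          # an empty list must not wipe the block
    tmp=$(mktemp "$1.XXXXXX") || return 1
    awk '/^#cloudflare start/ { skip = 1 }
         !skip                { print }
         /^#cloudflare end/   { skip = 0 }' "$1" > "$tmp"
    { echo '#cloudflare start'; printf '%s\n' "$rules"; echo '#cloudflare end'; } >> "$tmp"
    mv "$tmp" "$1"
}

# Constructed demo: a scratch allow file holding an unrelated entry and a stale
# block, refreshed from two of the ranges listed on this page.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '192.0.2.10 # office (constructed)' '#cloudflare start IPv4' \
        '198.51.100.0/24' '#cloudflare end' > "$dir/csf.allow"
    printf '%s\n' '173.245.48.0/20' '2400:cb00::/32' > "$dir/ranges.txt"
    update_allow "$dir/csf.allow" "$dir/ranges.txt" && cat "$dir/csf.allow"
    rm -rf "$dir"
}

# On a real host (as root): update_allow /etc/csf.allow ranges.txt && csf -r
demo
```

Running the script twice leaves a single Cloudflare block, and a list containing anything other than CIDRs leaves the allow file untouched.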
References:
Cloudflare error 521
Cloudflare error 522