A client’s website began returning 502 gateway errors across all pages, including the admin login. Freshy’s development team investigated and identified that the root cause was an expired SSL certificate on the site’s origin server. After renewing the certificate and verifying CDN connectivity, Freshy restored full site functionality within hours.
Issue background
On a Sunday evening, the client reported a full-site outage. Visitors encountered 502 Bad Gateway errors when trying to access any page.
Initial testing confirmed the issue originated at the content delivery network (CDN) layer, indicating that the CDN could not communicate with the origin web server.
Diagnosis
Freshy’s developers conducted a direct cURL test to the origin server to bypass the CDN and inspect the raw server response.
The test revealed that the SSL certificate for the origin had expired earlier that day, preventing secure communication between the CDN and the server.
Server certificate:
subject: CN=example.com
start date: Aug 4 21:49:23 2025 GMT
expire date: Nov 2 21:49:22 2025 GMT
issuer: C=US; O=Let's Encrypt; CN=R10
SSL certificate verify result: unable to get local issuer certificate (20)
This confirmed that the CDN’s HTTPS handshake was failing due to an invalid SSL certificate. Because CDNs enforce SSL validation for origin connections, an expired certificate immediately disrupts the delivery of all site traffic.
Resolution steps
Freshy resolved the issue using the following steps:
- Renewed the SSL certificate
  A new Let’s Encrypt SSL certificate was generated and installed on the origin server using standard certificate management tools.
- Validated CDN handshake
  After renewal, the development team verified that the HTTPS handshake between the CDN and the origin was successful.
- Cleared CDN cache and revalidated DNS
  A full cache invalidation was performed to ensure no cached 502 responses persisted. DNS records were also rechecked for propagation consistency.
- Retested site accessibility
  Both direct origin requests and front-end checks confirmed the site was once again serving secure traffic successfully.
Within minutes of renewal, the website was fully operational and serving pages over HTTPS.
Final outcome
After the SSL certificate was renewed and the CDN connection revalidated, all 502 gateway errors were resolved. Frontend and admin access were restored without any data loss or performance degradation.
Freshy confirmed the issue’s resolution through both manual testing and automated monitoring tools. The website remained stable after restoration.
Technical takeaway
This incident illustrates a common cause of sitewide 502 errors — an expired origin SSL certificate.
When using a CDN or proxy such as CloudFront, Cloudflare, or Fastly:
- The CDN requires a valid SSL certificate at the origin to complete secure handshakes.
- Expired origin certificates will block traffic even if the CDN itself has a valid SSL certificate.
- Regular SSL renewals should be automated using Let’s Encrypt’s Certbot or similar tools to avoid service interruptions.
Proactive SSL monitoring and automated renewals can prevent outages and maintain consistent uptime for all users.
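The monitoring takeaway above, as an added Python example (not Freshy's own tooling): it reads the expiry from the curl certificate block quoted in the diagnosis and classifies it, and `probe_origin` runs the same fully validated handshake directly against an origin. The function names, the 21-day threshold and the check time are assumptions made for illustration.

```python
import re
import socket
import ssl
import time

# The certificate block from the curl test quoted in the diagnosis above.
CURL_CERT_BLOCK = """\
Server certificate:
subject: CN=example.com
start date: Aug 4 21:49:23 2025 GMT
expire date: Nov 2 21:49:22 2025 GMT
issuer: C=US; O=Let's Encrypt; CN=R10
"""
# Constructed check time: later the same evening, after the certificate lapsed.
INCIDENT_CHECK = ssl.cert_time_to_seconds("Nov 2 23:00:00 2025 GMT")

def parse_expiry(curl_output):
    """Epoch seconds of the 'expire date:' line in curl -v output."""
    match = re.search(r"expire date:\s*(\w{3}\s+\d{1,2} [\d:]{8} \d{4} GMT)", curl_output)
    if match is None:
        raise ValueError("no 'expire date:' line in input")
    return ssl.cert_time_to_seconds(match.group(1))

def expiry_status(not_after, now=None, warn_days=21):
    """Return (EXPIRED | RENEW_NOW | OK, whole days left).

    warn_days is an assumed threshold: Certbot normally renews with about
    30 days left, so fewer than 21 suggests the automation has stalled.
    """
    now = time.time() if now is None else now
    days = int((not_after - now) // 86400)
    if not_after <= now:
        return "EXPIRED", days
    return ("RENEW_NOW" if days < warn_days else "OK"), days

def probe_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake straight to the origin with full validation, bypassing the CDN."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                not_after = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as err:
        return "HANDSHAKE_FAILED", err.verify_message
    return expiry_status(not_after)

if __name__ == "__main__":
    print(expiry_status(parse_expiry(CURL_CERT_BLOCK), now=INCIDENT_CHECK))
```

Run on a schedule against each origin address, any result other than `OK` is the signal to renew before the CDN starts returning 502s.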
Need help fixing SSL or CDN connection issues?
If your WordPress site is returning 502 errors or failing to connect to your CDN due to SSL issues, Freshy’s experts can help identify and resolve the problem quickly.
Contact Freshy today to restore your site’s uptime and security.