Error 523 indicates that Cloudflare could not resolve the origin server's address or route to it at all. This differs from 522 (timeout) in that the connection attempt never even starts — the origin is fundamentally unreachable. This typically happens when DNS records in Cloudflare point to an invalid or non-routable IP, the origin server is completely offline, or there is a network-level issue preventing any connectivity.
The A or AAAA record in Cloudflare is set to an IP address that does not exist, is not assigned to any server, or belongs to a decommissioned machine.
The entire server (not just the web server) is powered off, crashed, or has been terminated by the hosting provider.
The origin's IP is unroutable due to BGP issues, the IP has been null-routed by the hosting provider (often as a DDoS mitigation measure), or there is a major datacenter outage.
CNAME records that chain to non-existent hostnames, or the origin hostname cannot be resolved.
Check that your A/AAAA records point to a valid, reachable IP. If you recently changed hosting, update the IP.
Check DNS RecordsCheck if the origin IP responds to ICMP from different geographic locations to rule out routing issues.
Check PropagationVerify that your server is online and the IP address is still assigned to your account. Ask if any network changes or DDoS mitigations have been applied.
If your server was recently under DDoS attack, the hosting provider may have null-routed (blackholed) the IP. You may need a new IP or to wait for the mitigation to be lifted.
The origin web server refused or is not accepting connections from Cloudflare.
Cloudflare's TCP connection to the origin server timed out.
A 530 error is returned alongside a 1016 error when Cloudflare cannot resolve the origin server's DNS.