523 Origin Is Unreachable
The HTTP 523 Origin Is Unreachable status code is an unofficial server error specific to Cloudflare. This error occurs when Cloudflare is unable to reach the origin server at the network level, typically due to a DNS resolution failure.
Usage
Cloudflare is a content delivery network acting as a reverse proxy between clients and origin servers. The 523 error means Cloudflare was unable to route traffic to the origin because the origin's IP address is not reachable.
Common causes include:
- The DNS records in the Cloudflare dashboard point to an incorrect or outdated IP address.
- The origin server's DNS records have been removed or misconfigured.
- The origin's hosting provider has changed the server's IP address without updating Cloudflare.
- Network-level routing failures between Cloudflare and the origin.
Note
A 523 differs from 522 Connection Timed Out in a key way: a 522 means the IP was reachable but the TCP handshake failed, while a 523 means Cloudflare was unable to resolve or route to the origin IP at all.
SEO impact
Search engines treat Cloudflare 523 responses as server errors. Persistent 523 errors reduce crawl rate and prevent indexing of affected URLs. Correcting the origin DNS or routing restores normal crawling.
Example
A client requests a resource through Cloudflare. The origin server's DNS record is missing or invalid, preventing Cloudflare from reaching the origin.
Request
GET /about HTTP/1.1
Host: www.example.re
Accept: text/html
Response
HTTP/1.1 523 Origin Is Unreachable
Date: Sun, 02 Mar 2026 10:30:00 GMT
Content-Type: text/html
Server: cloudflare
CF-RAY: 8a1b2c3d4e5f6-AMS
<html>
<head><title>523 Origin Unreachable</title></head>
<body>
<h1>Error 523</h1>
<p>Origin is unreachable</p>
</body>
</html>
How to fix
Open the Cloudflare DNS settings and confirm every A and AAAA record points to the current origin IP address. A common cause is switching hosting providers or migrating servers without updating the IP in Cloudflare. Remove stale records and add the correct address.
If the domain uses a CNAME record, verify the target
hostname resolves properly. Run dig or nslookup
against the CNAME target to confirm a valid A/AAAA
response. Cloudflare follows the CNAME chain, so a
broken link anywhere in the chain produces a 523.
Check for DNS propagation delays after recent changes.
New or updated records take time to propagate across
global resolvers. Use dig @8.8.8.8 example.re to
confirm the intended IP is visible from outside the
local network.
If the origin recently switched from HTTP to HTTPS, verify the origin listens on the port matching the Cloudflare SSL/TLS mode. A 523 appears when Cloudflare attempts to route traffic to a port the origin does not serve.
Run an MTR or traceroute from the origin server to a Cloudflare IP address (found in origin access logs) to diagnose routing failures. Provide the MTR output and origin server logs to the hosting provider for investigation.
Takeaway
The 523 Origin Is Unreachable status code is a Cloudflare-specific error generated when Cloudflare is unable to resolve or route to the origin server's IP address.
See also
- 521 Web Server Is Down
- 522 Connection Timed Out
- 530 Site Frozen
- Troubleshooting Cloudflare Errors
- HTTP status codes
