526, but cert seems ok

I am getting occasional 526 errors on an Ubuntu server in the past two days. They happen and then after a couple refreshes they are gone.

I paused Cloudflare on the site and checked both Certbot and SSL Checker, and both indicated that my certs on the server were valid. Can anyone offer a suggestion as to where to look next?

Can you post the domain name? That’s not easy to type :wink:

And you are getting that error right now?

No. I got it about a half hour ago and started the site pausing and cert checking. When everything seemed normal I turned Cloudflare back on.

I presume your IP address ends in 63, right? Do you have any other IP addresses configured?

Yes. I have other domains on that IP, but no other IPs for that domain.

That’s what I meant. So there’s only that one IP address configured for that domain?

Correct.

Has your domain ever been with another provider who might also have a Cloudflare integration?

I can’t know for sure, but I highly doubt it.

All right, and you do not have any issues that your account’s settings do not take effect, right?

Also, the content on your server is correctly displayed and was not hosted elsewhere?

Just trying to verify if such an integration might override your account settings and actually proxies to a different machine.

No issues. Images come from S3 and the DB is on another Linode, but all the HTML is on that box.

Has been running without issue since October.

In that case the best guess would be that your server occasionally does not return a valid certificate. It’s hard to debug as it’s currently working and your server is returning a valid certificate.

Of course, this is excluding the possibility that Cloudflare currently has an issue, but while that’s not impossible, it’s at least unlikely.

How often do you experience the issue?

Twice this week, that is it so far.

I know what you mean, if you don’t catch it while it is happening, it’s almost impossible to catch.

Is there anything in particular you would do if I catch this happening again?

I’d check what the server returns.

Is it a one-off error or do you get the 526 for a while?

Maybe a couple minutes.

Someone usually sends me an email, I check and it is still happening, but within 2 or 3 refreshes it is back to normal.

First refresh comes back with the CSS not loaded. Second refresh is back to normal.

What exactly do you mean check what the server returns?

If the server lets you establish a proper SSL connection.

What you could do is enable the server’s SSL logging, that might also provide some details.

That’s a good idea. I will start with that.

Maybe double check your server’s SSL setup as well. Make sure there are no previous certificates.
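
One way to catch what the origin returns while the error is happening, as an added example that is not part of the original thread: a probe that connects to the origin IP directly with the site's hostname as SNI, fingerprints the leaf certificate and repeats the handshake with full verification, plus a summary that flags failed handshakes and more than one distinct certificate. The IP `203.0.113.63`, the hostname `example.com`, the function names and the sample records are placeholders constructed for illustration, and it assumes a publicly trusted certificate such as the Certbot one mentioned above.

```python
import hashlib, socket, ssl, time
from collections import Counter

def _handshake(ctx, ip, host, port, timeout):
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def probe(origin_ip, hostname, port=443, timeout=5.0):
    """Connect to the origin IP directly (SNI = hostname), bypassing the proxy."""
    rec = {"ts": time.time(), "ok": False, "error": None, "sha256": None}
    loose = ssl.create_default_context()
    loose.check_hostname = False          # must be cleared before CERT_NONE
    loose.verify_mode = ssl.CERT_NONE
    try:
        # Unverified handshake first, so a bad certificate still gets fingerprinted.
        rec["sha256"] = hashlib.sha256(
            _handshake(loose, origin_ip, hostname, port, timeout)).hexdigest()
        # Second handshake with chain, expiry and hostname verification enabled.
        _handshake(ssl.create_default_context(), origin_ip, hostname, port, timeout)
        rec["ok"] = True
    except (ssl.SSLError, OSError) as exc:
        rec["error"] = f"{type(exc).__name__}: {exc}"
    return rec

def summarize(records):
    """Count failed strict handshakes and distinct leaf certificates seen."""
    seen = Counter(r["sha256"] for r in records if r["sha256"])
    failed = [r for r in records if not r["ok"]]
    return {
        "probes": len(records),
        "failures": len(failed),
        "distinct_certs": len(seen),
        "minority_certs": [fp for fp, _ in seen.most_common()[1:]],
        "errors": sorted({r["error"] for r in failed if r["error"]}),
    }

# Constructed sample records (not real data): one probe out of four gets a different cert.
GOOD, OLD = "aa" * 32, "bb" * 32
SAMPLE = [
    {"ts": 0, "ok": True, "error": None, "sha256": GOOD},
    {"ts": 30, "ok": True, "error": None, "sha256": GOOD},
    {"ts": 60, "ok": False, "sha256": OLD,
     "error": "SSLCertVerificationError: certificate has expired"},
    {"ts": 90, "ok": True, "error": None, "sha256": GOOD},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    # Live use, placeholders only: probe("203.0.113.63", "example.com") in a loop.
```

A non-empty `minority_certs` means the origin served more than one certificate for the same hostname, which is what a leftover previous certificate or a second virtual host answering some requests would look like.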