We have Cloudflare set up to point to Front Door in Azure for our website. We use the Universal SSL in Cloudflare and also use AFD managed in Azure, both using minimum TLS 1.2. This has been working fine, but we have noticed that it is causing a 526 error on certain requests - it seems to only be when there is a query string (?) and not on every page. If there was an SSL mismatch I would expect this to happen on every request, but it only happens sporadically, and only with query strings. I can also see that Cloudflare is not blocking it. It works if we downgrade from Strict to Full. I have tried adding the Cloudflare Origin SSL to Azure, but it is not accepted in Front Door as it is not on the valid list for Microsoft. Any suggestions on how to fix this, please?
Was the site working with SSL prior to adding it to Cloudflare?
A 526 means Cloudflare could not validate the certificate at the origin.
When you have SSL/TLS mode set to Full SSL (Strict), you must make sure that the certificate at the origin is within the validity period, issued by a valid CA and covers the hostname being hit.
If any of these conditions fail Cloudflare will show a 526 instead.
If you have an out of date or self-signed certificate or one that doesn’t cover the hostname, please either use a Cloudflare origin certificate instead, or downgrade the SSL/TLS encryption in your Cloudflare dashboard from Full Strict to Full.
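As an added example (not from this thread), here is a Python check of the three conditions listed above that Full (Strict) requires of the origin certificate: validity period, not self-signed, and coverage of the requested hostname. It works on certificate data in the dict layout that `ssl.SSLSocket.getpeercert()` returns; the certificate values and hostnames below are constructed.

```python
import ssl
import time
from typing import List, Optional

# Constructed certificate descriptions in the dict layout returned by
# ssl.SSLSocket.getpeercert(); the names and dates are made up.
GOOD_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example CA R3"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.azurefd.example")),
}
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "origin.internal"),),),
    "issuer": ((("commonName", "origin.internal"),),),   # issuer == subject
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2021 GMT",
    "subjectAltName": (("DNS", "origin.internal"),),
}

def _hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: a wildcard is only valid as the whole leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    labels = hostname.split(".")
    return len(labels) > 2 and ".".join(labels[1:]) == pattern[2:]

def certificate_problems(cert: dict, hostname: str, now: Optional[float] = None) -> List[str]:
    """Return the reasons a strict-mode proxy would reject this origin cert (empty list = OK)."""
    now = time.time() if now is None else now
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    if cert["subject"] == cert["issuer"]:
        problems.append("self-signed (issuer equals subject)")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the CN only when the cert carries no DNS SANs
        names = [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    if not any(_hostname_matches(n, hostname) for n in names):
        problems.append(f"does not cover hostname {hostname}")
    return problems
```

The third check is the one that bites when the proxied hostname differs from what the origin certificate was issued for, which is worth comparing against the hostname Cloudflare actually sends to the origin.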