526 Invalid SSL because of Previous Cloudflare?

My domain is MJAITLY dot COM and currently I have paused Cloudflare on it. This domain was for a website hosted earlier on Bluehost and Bluehost had activated Cloudflare on this. Since I am now using this domain for a different site, I disconnected it and unassigned it from my earlier site and Bluehost. I set this in Cloudflare myself manually but despite trying out everything I keep getting 526 Invalid Certificate Error.

Can anyone help me with this? I tried flexible, Full, Full Strict but nothing is working. I am just wondering if the earlier Cloudflare through Bluehost is creating issues though I don’t think that to be the case.

The SSL certificate on your server is for paper.li not for mjaitly.com. There’s either no certificate for your domain on your server or there’s a configuration issue and it’s not being presented properly.

If you have full control of your origin server you can either use LetsEncrypt/certbot to get a proper SSL certificate for your domain (and make sure auto-renewal actually works), or you can generate one of Cloudflare’s 10-year origin certificates and put it on the server (these will only be properly trusted while the domain is orange-clouded).

If you don’t have full control over your origin server you’ll have to talk to whoever controls it and see what options they have for issuing SSL certificates.

Indeed, I am getting a message from the origin server that my DNS is not configured properly. I changed the nameservers to Cloudflare so it controls my DNS now. However, I am not sure where the configuration went wrong.

Some web hosts will refuse to issue/renew SSL certificates while your DNS entries are orange-clouded. You’ll need to check your web host’s documentation. Usually best to get SSL working properly before orange-clouding. If you need to contact your web host’s support, make sure your DNS entries are grey-clouded when you do.

I think I now know what is causing the issue. When my site (with the same domain MJAITLY ‘dot’ COM) was hosted with Bluehost, there was already an SSL certificate installed. Cloudflare needs to remove that certificate and issue a fresh one. However, I have no idea how to contact Cloudflare support. For free accounts they have no email support id.

I have disabled universal SSL and will enable it again. Hopefully the new certificate will get installed. But if it does not then Cloudflare will have to do it. How do I contact them?

Your origin server was presenting a certificate for the wrong domain even when you had it grey-clouded. Cloudflare won’t be able to do anything about that. Cloudflare can’t make changes to your origin server.

Grey-cloud your DNS entries and get SSL working properly first, don’t try to orange-cloud until you’re sure your origin server is properly configured.

Putting Cloudflare in front of a misconfigured origin server isn’t going to help anything and is just going to make troubleshooting your origin more difficult.

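An added example, not code from any post in this thread: a Python check that connects straight to the origin (DNS grey-clouded, or by origin IP), sends the site's hostname as SNI, and reports which names the presented certificate actually covers. The function names and the sample certificate dicts are constructed for illustration; the dicts follow the shape returned by `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS SAN entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """A wildcard counts only as the entire left-most label (*.example.com)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, hostname):
    """Return (ok, message) for whether the presented cert covers hostname."""
    names = san_dns_names(cert)
    if any(name_matches(n, hostname) for n in names):
        return True, f"certificate covers {hostname}"
    return False, f"certificate is for {', '.join(names) or 'no DNS names'}, not {hostname}"

def check_origin(origin_ip, hostname, port=443, timeout=5):
    """Connect to the origin IP directly, sending hostname as SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; names are compared by diagnose()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return diagnose(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain not publicly trusted: {exc.verify_message}"

# Constructed samples mirroring the thread: the origin presents a paper.li certificate.
SAMPLE_WRONG = {"subjectAltName": (("DNS", "paper.li"), ("DNS", "*.paper.li"))}
SAMPLE_RIGHT = {"subjectAltName": (("DNS", "mjaitly.com"), ("DNS", "*.mjaitly.com"))}

if __name__ == "__main__":
    print(diagnose(SAMPLE_WRONG, "mjaitly.com"))
    print(diagnose(SAMPLE_RIGHT, "www.mjaitly.com"))
```

A Cloudflare origin certificate will show up here as "chain not publicly trusted", which matches the note above that those certificates are only trusted while the domain is orange-clouded.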