I followed this article (https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel#configure-and-run-the-tunnel) to set up a tunnel to my private network and added the
no-tls-verify option to my conf file (https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/config#no-tls-verify). However, when I tried to connect to an HTTPS site (using IP address) I got the 526 error (Insecure upstream).
It seems the no-tls-verify option was ignored. And a more weird behavior is if I access the same site using a non-standard port (still HTTPS, same certificate), or any https site that runs on non 443 port, I get no error although the certificate is still invalid.