I got 526 after installing the cert-manager issued certificate. I don’t understand why?!?
I paused CF trying to inspect the cert with
Which I got:
aytul.org resolves to 184.108.40.206 No SSL certificates were found on aytul.org. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.
But this is because of my router doesn’t let any IP in other than CF IPs
So I tried
echo | openssl s_client -showcerts -servername www.aytul.org -connect [redacted internal ip]:443 2>/dev/null | openssl x509 -inform pem -noout -text
which shows me a good certificate
I had to change the level to Full from Full (strict). Is there a way to put this back to Full Strict?
I have a similar issue.
I created a new Let’s Encrypt certificate today and deployed it on my server. When I tried to visit my website (with DNS proxy on), it gave me a 526 error.
However, when I disabled the DNS proxy (meaning a direct connection), everything looked normal. I verified it with openssl, the “ssl shopper”, and a couple of modern browsers. All said I had a valid certificate which was signed by Let’s Encrypt.
(Didn’t realize I couldn’t edit my post…)
I’m pretty sure this is unrelated, but just wanted to include for a better view - I created my new cert with
certbot and used DNS-01 for verification. The certificate chain is:
ISRG Root X1 →
R3 → my domain.
I figured out the problem. It was my mistake in my Helm chart I wasn’t creating the certificates properly. Once that’s fixed I could set it back to Full-Strict. ■■■■ works!
I figured out my problem, well, in a different way. The certificate I had was properly generated, but the cipher I used below was not accepted by Cloudflare’s edge servers.