I got 526 after installing the cert-manager issued certificate. I don’t understand why?!?
I paused CF, trying to inspect the cert with ssl shopper, from which I got:
aytul.org resolves to 24.55.2.149 No SSL certificates were found on aytul.org. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.
But this is because my router doesn’t let any IP in other than CF IPs.
I created a new Let’s Encrypt certificate today and deployed it on my server. When I tried to visit my website (with DNS proxy on), it gave me a 526 error.
However, when I disabled the DNS proxy (meaning a direct connection), everything looked normal. I verified it with openssl, the “ssl shopper”, and a couple of modern browsers. All said I had a valid certificate which was signed by Let’s Encrypt.
I’m pretty sure this is unrelated, but just wanted to include for a better view - I created my new cert with certbot and used DNS-01 for verification. The certificate chain is: ISRG Root X1 → R3 → my domain.
I figured out the problem. It was my mistake in my Helm chart: I wasn’t creating the certificates properly. Once that was fixed, I could set it back to Full-Strict. ■■■■ works!
I figured out my problem, well, in a different way. The certificate I had was properly generated, but the cipher I used below was not accepted by Cloudflare’s edge servers.