I just moved my website to a new server within Bluehost and the IP address changed. I changed the IP address in the A records to the new one but now shows the error
What steps have you taken to resolve the issue?
I am not sure if this is what I had to do and whether the error is because the new IP address has not propagated yet and the error will disappear when it has propagated. Or that I was to do something different.
What feature, service or problem is this related to?
Without Cloudflare, or with Unproxied / DNS-only records: Visitor ↔ Web server
With Proxied records: Visitor ↔ Cloudflare ↔ Web server
So, by having Proxied records, you also have two different connections to secure. Cloudflare will take care of the first (Visitor ↔ Cloudflare) with the Edge Certificate from Universal SSL, and the certificate on your server (alternatively, your hosting provider) will take care of the latter (Cloudflare ↔ Web server).
Receiving 526 Invalid SSL certificate means that the stuff, that you have behind Cloudflare, isn’t configured safely enough.
The Bluehost server may be presenting Cloudflare with an invalid certificate.
You can eventually try switching your DNS record(s) to Unproxied / DNS-only, wait 10-15 minutes, and see if you can access your website then.
If you can’t (and you don’t see the 526 Invalid SSL certificate any more), then there will, according to the explanation above, be something you need to fix on the Bluehost server.
Thanks DarkDeviL for such a detailed and clear explanation. I have made A records unproxied and see what happens.
You are right! After about 10 minutes, I don’t have the SSL error but a warning from my security app that the site is dangerous. So I have to put proper SSL there. Once it is there, I can then turn the proxy on? It will then take only a short time to propagate the IP?
I think I know why the server certificate is not matching. While migrating, they have given a temporary URL and the site shows up secure and no errors since the cert matches the temp URL domain. Now I see that it is secure under corporationforsale domain but the cert is for a different domain and hence the error. So I need to change the cert.
Once you have a proper certificate, and that the website works when the DNS record is set to Unproxied / DNS-only, you’re ready to switch (back) to Proxied.
Cloudflare’s TTL “Auto” is publishing DNS records with a TTL of 300 seconds (5 minutes), however, that TTL is effective for already existing DNS records, which yours are.
Some DNS resolvers may be configured to cache DNS records for longer, but generally, after the TTL has passed away, things should at least (slowly) start to normalize, according to the new configuration.
That would make perfect sense.
If you present a valid certificate for “example.COM” on the website for “example.ORG”, then that wouldn’t work, as the certificate has been issued for a different domain.
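An added example, not part of the thread: a small Python check of whether the certificate an origin server presents actually covers the site's hostname, which is the mismatch described above (a certificate issued for the temporary URL served on the real domain). The function names, the `tempsite.hosting.example` names and the SAN lists are constructed for illustration; `origin_dns_names` is the only part that needs network access and assumes you know the origin's IP.

```python
import socket
import ssl

def san_matches(hostname, san):
    """Compare one hostname against one certificate DNS name.
    A '*' is honoured only as the whole left-most label and covers one label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # '*.example.org' covers neither the apex nor a.b.example.org
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, dns_names):
    """True if any DNS name in the certificate is valid for hostname."""
    return any(san_matches(hostname, name) for name in dns_names)

def origin_dns_names(origin_ip, hostname, port=443, timeout=5):
    """Connect straight to the origin IP (not through the proxy), send
    hostname as SNI and return the certificate's DNS SANs.
    Raises ssl.SSLCertVerificationError if the chain is untrusted or expired."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; cert_covers does the name check
    with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    # Constructed SAN lists: a certificate issued for a host's temporary URL
    # versus one issued for the site's own domain.
    temp_cert = ["tempsite.hosting.example", "*.hosting.example"]
    site_cert = ["example.org", "*.example.org"]
    for name in ("example.org", "www.example.org"):
        print(name, "| temp-URL cert:", cert_covers(name, temp_cert),
              "| site cert:", cert_covers(name, site_cert))
```

Running `cert_covers(hostname, origin_dns_names(origin_ip, hostname))` against the new server before switching the record back to Proxied shows whether the replacement certificate is in place.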