Error 526 Invalid SSL certificate (running nginx)

Yeah, I know it’s not new, but still painful :slight_smile:

Internally, I am trying to run nginx proxy manager. I have the security setup as FULL and have properly installed the certificate. The proxy host is setup to forward to the proper IP and port with the system.

But I can’t get that far. The seems at the “host”.

On the outside, I have cloudflare’s DNS setup with the cname and the correct domain, etc.

Any ideas? Thanks in advance.

Are you sure you have set it to “Full” and not to “Full (Strict)” as normaly the 526 Error occurs when you have set it to Full (Strict) and not responding with a SSL Cert which is valid for CloudFlare

This does not seems to be the case.

To fix 526 Errors we have a very good and details communityTip here:

Yes, it is set to Full (strict) and I have the key and pem uploaded to nginx. But clearly something somewhere is not correct.

To bypass and conceal the problem you can quickly change to “Full” (wihtout strict). This will bring you page back very fast. But remember: this will not solve the problem! So after doing this do not stop and give up. Lets dig a bit deeper and find out why this happened.
You also see a “Recommended by Cloudflare” at the setting “Full”, this is due to the fact, that CloudFlare recognized your origin Server is not responding with a valid, but an invalid SSL Cert, so it directly recommends you what setting is the best for you to make your site work properly in this situation.

Wait a min I will write you a little tutorial or provide you a link for knowing what you have to do to further inspect your oprigin Server and the cause of the problem.

Ok this is not exactly your Error, but to inspect the origin Cert which gets shown to CloudFlare you can read and follow this approach provioded here at this 525 Error Guide:

Follow §2:

And post here the result so we can inspect it.

Thanks. I got the key and pen from Cloudflare last night and installed it innginx, but clearly I have done something.Let me read what you have sent. Thanks.

.pem and .key, I meant to say. Switching to Full, not strict I am getting a “Error 522 ## Connection timed out”. . So we are getting closer, perhaps

Yes :slight_smile:
For Error #522 please read the related CommunityTipp and follow its instructions:

1 Like