Error 526, Invalid SSL Certificate

I’ve read the previous posts on the topic and didn’t quite find a solution, so I thought I’d try asking about it again.

I’m getting the error 526 when the SSL encryption mode is set to “Full (strict)”. The problem is solved when I switch it to “Full”, but I’d much prefer it to run in strict mode.

I’ve contacted my hosting provider, they checked if:

  • Certificate is not expired
  • Certificate is not revoked
  • Certificate is signed by a Certificate Authority (not self-signed)
  • The requested domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
  • Your origin web server accepts connections over SSL port 443

After doing so they claimed that everything is working fine on their end and that I should reach out to Cloudflare.

So here I am. Asking politely, what can I do to have the website run on Full (strict) mode and not experience any errors? Is it a matter of upgrading the SSL type to dedicated? Or maybe you could instruct me how to install an SSL on your servers.

Thanks for your time & help. Regards.

If it were me, I’d set that hostname to :grey: in DNS and wait five minutes just to see if the site loads correctly over HTTPS, and I’d inspect the certificate.

Actually, I’d edit my Mac’s /etc/hosts file for that domain name and add the origin server’s IP address so I could leave DNS set to :orange: to hide my origin IP address.

Either way…first is easier if you don’t mind people hitting your server directly.

These are the correct steps and if all of this is true, Cloudflare shouldn’t throw a 526. Either there is an issue with Cloudflare or something here is not entirely accurate. Experience tells us it is more likely the latter :slight_smile:

Can you post the domain?


Hi, thank you for the quick reply.
I don’t want to post the domain on the forum but could do so in private chat or via email.

You can run a test with the domain at and post the time here when you checked it.


Hi, thank you for the quick reply.
Will try that if I don’t find a simpler solution to that problem.
I’m no tech genius and don’t want to risk screwing things up with DNS etc.


You posted at 9:28 GMT, is it that r****.nz domain?


No, it’s m**************

Alright, got it. Does your server IP address end in 24?



In that case I am sorry, but your host has informed you incorrectly.

While four out of the five statements are correct, the very first one already is not. The configured certificate actually is expired. It expired yesterday at around 7pm GMT.
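An added example, not part of the original thread: one way to run the host's checklist yourself is to handshake with the origin IP directly while presenting the site's hostname, which has the same effect as the /etc/hosts approach suggested earlier. The function names, the sample certificate, the timestamps and the `203.0.113.24` documentation address are constructed for illustration.

```python
import socket
import ssl
import time


def cert_problems(cert, hostname, now=None, warn_days=14):
    """Inspect a getpeercert()-style dict for expiry and hostname coverage."""
    now = time.time() if now is None else now
    problems = []
    left = ssl.cert_time_to_seconds(cert["notAfter"]) - now
    if left <= 0:
        problems.append(f"expired {-left / 3600:.0f} h ago")
    elif left < warn_days * 86400:
        problems.append(f"expires in {left / 86400:.0f} days")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    host = hostname.lower()
    parent = host.partition(".")[2]  # for a one-label wildcard match
    if host not in names and f"*.{parent}" not in names:
        problems.append(f"{hostname} not in SAN {names}")
    return problems


def check_origin(origin_ip, hostname, port=443, timeout=10):
    """Handshake with the origin itself, bypassing the proxy, with full validation."""
    # Default context enforces CA chain, validity dates and hostname.
    # It does not check revocation.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                # Handshake passed; still warn if expiry is close.
                return cert_problems(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]  # e.g. "certificate has expired"
    except OSError as exc:
        return [f"connection failed: {exc}"]


# Constructed sample certificate and clock (not taken from the thread's domain).
SAMPLE_CERT = {
    "notAfter": "Jun  1 19:00:00 2023 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun  2 09:28:00 2023 GMT")

if __name__ == "__main__":
    print(cert_problems(SAMPLE_CERT, "www.example.com", now=SAMPLE_NOW))
    # Live check (assumed values): check_origin("203.0.113.24", "www.example.com")
```

An empty list means the certificate passed. A Cloudflare Origin CA certificate is not in public trust stores, so it fails this check even though Full (strict) accepts it.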


Oh, guess you can never rely 100% on these live chat employees.
I have no idea why it would expire, but I’ll go and ask them about it.

I’m sorry, this might seem like a dumb question: if it turned out I have to purchase a new certificate, is it better to do it from my host (Bluehost) or Cloudflare?

You can purchase a certificate but - these days - that’s not really absolutely necessary anymore. You can either get a free Let’s Encrypt certificate or a free Origin certificate from Cloudflare.


Alright, thank you very much for your help.
Have a good day/ night :slight_smile:
