Error 526: on Full Strict SSL with Let’s Encrypt


I recently set up a new server running Plesk. I secured the domain using Plesk’s Let’s Encrypt extension.
When I tried to access the domain I received the following error:

“Error 526 - Invalid SSL Certificate”

When I changed the crypto from Full (Strict) to Full it works fine.

So it appears Cloudflare has an issue with the certificate.

Plesk’s support article simply states it’s related to a misconfiguration in Cloudflare:

How do I continue to troubleshoot / rectify this so Full (Strict) does not generate any errors?

Hi @garymoylanit,

If you set the record to grey cloud or pause Cloudflare, is the valid Let’s Encrypt certificate showing and working in the browser?

You can pause Cloudflare from the Overview tab of the Cloudflare Dashboard, bottom right under Advanced Actions.

If you take the steps @domjh suggested and the site does not load securely, the certificate is probably expired or incorrect in some other way. Full (Strict) needs to verify a valid certificate on the origin to function (as you’ve experienced). Full just verifies a certificate exists, hence why it works.

If you opt to update the certificate on the origin, there are a couple of options. Really good details here, and your 526 error is called out in particular in that article:

Other background details here, Community Tip - Fixing Error 526: Invalid SSL certificates.
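
An added example, not part of the thread and not Cloudflare's or Plesk's code: it handshakes with the origin directly, bypassing the proxy, and lists why a strict validation would reject the certificate (expiry, hostname coverage, untrusted chain). The function names, the origin IP you pass in and the sample certificate are constructed for illustration; it assumes the system trust store, so a Cloudflare Origin CA certificate would show up here as untrusted.

```python
import socket
import ssl
import time

# Constructed sample in ssl.getpeercert() format, for offline use.
SAMPLE_CERT = {
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Apr 09 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def san_matches(hostname, cert):
    """True if hostname is covered by a DNS subjectAltName (one-label wildcard)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.com" covers exactly one extra label, not "a.b.example.com"
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def strict_problems(cert, hostname, now=None):
    """Reasons a parsed certificate would fail a strict check (empty list = OK)."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not san_matches(hostname, cert):
        problems.append("hostname not in subjectAltName")
    return problems

def check_origin(origin_ip, hostname, port=443, timeout=5):
    """Connect to the origin IP itself, sending hostname as SNI, and validate."""
    ctx = ssl.create_default_context()  # system CAs, hostname verification on
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return strict_problems(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]  # e.g. self-signed, expired, mismatch
    except OSError as exc:
        return [f"connection failed: {exc}"]
```

Call `check_origin("<origin-ip>", "<your-domain>")` with the server's real address; an empty list means the certificate passes these checks.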

