Error-526 on full strict ssl-with letsencrypt

I have my letsencrypt setup properly on my Ubuntu 18.04.

When I chose Encryption mode = full, I have no problem accessing my website; but it produced 526 error if I chose full (strict).

I did try pause cloudflare and accessing my website got the proper padlock on my browser.

I don’t know how to solve this issue.

Thank you.

Was your domain possibly earlier with some other provider who used Cloudflare as well? In that case, some settings might be stuck and you might have to contact support so that they manually fix that.

What’s the domain? And would you feel comfortable sharing the IP address?

Thanks. No, I registered domain with Namecheap and let Cloudflare manage my dns.

I now set my cloudflare SSL as full (strict) and you can try it: calibre.chotechai.com

Does the server IP address end in 83?

yes, it ends with 83

In that case you’d have a Lets Encrypt certificate on your server but it’s not valid for that hostname and should not load when paused either. You’ll need to configure a valid certificate, the 526 is to be expected for now.

I generated letsencrypt wildcard ssl for the domain too. What else I’m supposed to do?

I’d pause Cloudflare (as you originally mentioned) and make sure that it really loads fine on HTTPS.

Alternatively you could also check out Cloudflare’s Origin certificates. They can be issued from the SSL screen. Only keep in mind, Origin certificates are only valid in proxied contexts, you won’t be able to unproxy the site.

You may try chotechai.com (dns only or non-proxied on cloudflare dns). It shows that my letsencrypt is working properly.

I see that chotechai has a good Let’s Encrypt cert for the apex domain and a wildcard subdomain.

calibre also loads ok for me while proxied.

Is something not working now?

It is working now because I have to choose SSL as Full while proxied; but it will generate error 526 if I set it as Full (strict) while proxied.

As I already said yesterday, you appear to have a broken certificate and need to fix that. As I also already said you best pause Cloudflare (or set the record to unproxied) and fix the certificate and only then proxy again.

1 Like

Thanks. I pause cloudflare and disable proxy. When entering URL calibre.chotechai.com, and check the certificate information. The certificate was issued for another domain of mine, instead of for chotechai.com. It is strange because when I enter chotechai.com (cloudflare is active and proxied, ssl=full,strict), it works fine with the right certificate without error.My Apache config for chotechai.com is pointing to the right certificate keys.

FYI, both bthofen.com and chotechai.com are hosted on a same server at home with a single public IP. Ubuntu 18.04, Apache2

That’s what I have been saying.

Thanks. I found the cause of error. I generated let’s encrypt for chotechai.com separately from my main domain xxxx.com.
Solution: I have to generate only one, and same, let’s encrypt certificate for both xxxx.com and chotechai.com.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.