Error 526 w/ new shared host w/ DirectAdmin and Let's Encrypt

I moved to a new shared host with DirectAdmin and Let’s Encrypt. Once I changed the CloudFlare SSL encryption mode to Full (Strict), I am getting an error 526.

I have used “Paused CloudFlare on site” and tried reloading the site with various computers via different ISPs. I confirmed the site was working and that the certificate is issued by R3 and is valid.

When I resume CloudFlare and set the CloudFlare SSL mode back to Full (Strict), error 526 comes back.

Currently the site is set to use Full only, and I confirmed a CloudFlare cert was issued and I am curious to get to the bottom of this.

As far as I can tell, the problem seems to be with CloudFlare because with it turned off everything is working. Any idea?

Try to unproxy (grey cloud) your domain, wait a few minutes and do an SSL test:

https://www.ssllabs.com/

I used the Pause Cloudflare option during my initial troubleshooting and I received an A in SSL Labs. When I enabled CloudFlare, I received a B.

Unless I am mistaken, isn’t pausing Cloudflare a better option for troubleshooting purposes?

Pausing Cloudflare disables proxying for everything. Some people prefer to not do that, though it’s certainly the easier option.

The Qualys test should give you a pretty good hint as to why you received the “B”. What did you notice?

I am no expert in SSL. Using the Cloudflare free tier, SSL Labs is showing B, with protocol support in yellow. With Let’s Encrypt, it is showing A. Does that mean Cloudflare is not as comprehensive?

But this doesn’t resolve the issue of why I get error 526 when my server seems to be set up correctly.

If you post the hostname, we can give you specific advice, including for the 526 error (which shouldn’t happen with your Let’s Encrypt cert). My free plan test domain gives me an A+ score.

Here you go

In SSL/TLS → Edge Certificates, set Minimum SSL version to 1.2. And the good news is that your site is loading without that 526 error.

It also suggests you use CAA records. Cloudflare will automatically add theirs if you create one of your own:

Is this setting correct?

The site is working because the encryption is set to “Full”; when I set it to “Full (strict)”, I am still getting 526. I checked with the host and they couldn’t find anything wrong with the SSL setup and the problem is with Cloudflare.

That bumps you up to an “A” rating.

As far as the 526, you may have to ask Support for help. For troubleshooting, I would try checking the origin certificate with:
curl -svko /dev/null https://lazymocha.com --connect-to ::123.123.123.123 (your server’s IP address)


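An added example, not part of the thread or any poster's code: the curl command above uses -k, which skips certificate verification, so this sketch repeats the direct-to-origin handshake with chain and hostname verification switched on and reports why it fails. It assumes the local system trust store is a reasonable stand-in for the one Cloudflare validates against; the function names, `example.com` and `192.0.2.10` are placeholders.

```python
import socket
import ssl

# OpenSSL X.509 verify codes mapped to the origin-side cause to look at.
CAUSES = {
    9: "certificate is not yet valid (check the origin clock / issue date)",
    10: "certificate has expired (renewal did not run or was not reloaded)",
    18: "self-signed leaf certificate, not issued by a trusted CA",
    19: "self-signed certificate in the chain",
    20: "issuer not found: origin is likely not sending the intermediate",
    21: "leaf cannot be verified: origin is likely not sending the intermediate",
    62: "certificate CN/SAN does not cover the requested hostname",
}


def explain(verify_code: int, verify_message: str = "") -> str:
    """Turn an OpenSSL verify code into a short, actionable finding."""
    cause = CAUSES.get(verify_code, "unclassified verification failure")
    return f"FAIL [{verify_code}] {cause}" + (f" ({verify_message})" if verify_message else "")


def check_origin(hostname: str, origin_ip: str, port: int = 443, timeout: float = 5.0) -> str:
    """Handshake with origin_ip directly, sending hostname as SNI, with
    chain and hostname verification on (local trust store, an assumption)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return f"OK {tls.version()} notAfter={cert['notAfter']} SAN={sans}"
    except ssl.SSLCertVerificationError as exc:
        return explain(exc.verify_code, exc.verify_message)
    except ssl.SSLError as exc:
        return f"FAIL tls handshake: {exc.reason}"
    except OSError as exc:
        return f"FAIL connect: {exc}"


if __name__ == "__main__":
    # Placeholder values: substitute your hostname and your origin's real IP.
    print(check_origin("example.com", "192.0.2.10"))
```

An `OK` result here alongside a 526 in Full (strict) means the certificate served on that IP and SNI verifies locally, which is useful detail to include in a support ticket.
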
Yes, it does.

Thanks for your help, I will check with support on that.

Hi there, just replied to your support ticket. When you have a moment, try to set up a way for us to reproduce the issue. You can always use Page Rules to enable Full (strict) for a specific sub-domain for further troubleshooting.
