Error 526 with Full (strict) and Let's Encrypt certificate at the origin server

What is the domain name?

msrumon.com.

Have you searched for an answer?

Yes.

Please share your search results URL.

https://community.cloudflare.com/search?q=error%20526%20with%20full%20strict%20and%20lets%20encrypt%20origin%20certificate.

When you tested your domain using the Cloudflare Diagnostic Center, what were the results?

Failed “Check the HTTPS status” test, passed others.

Describe the issue you are having.

DNS records are proxied. SSL is set to Full (strict). Origin server has Let’s Encrypt certificate. Yet I see “Invalid SSL certificate” error.

What error message or number are you receiving?

What steps have you taken to resolve the issue?

Setting the SSL option to “Full” does resolve the issue. But I won’t keep it like that, I want “Full (strict)”.

Was the site working with SSL prior to adding it to Cloudflare?

Yes.

What are the steps to reproduce the error?

  1. Add an A record with “Proxied” turned on.
  2. Make sure SSL option is set to “Full (strict)”.
  3. Visit the URL.

Have you tried from another browser and/or incognito mode?

Yes.

We’ve seen similar reports here recently & I’ve added myself to a couple of recent tickets in order to track progress. The team is investigating; early results show some with incorrect subjectAltName or expiry date. In other instances the origin cert shows nothing obviously incorrect.

To ensure the site is operational, Support suggests for the moment keeping it as Full SSL; we will still encrypt the traffic for the connection between Cloudflare and the origin. (Full SSL (strict) is useful when/if someone changes your origin to another website; Cloudflare will start to return errors because of validation of the SSL certificate.)

1 Like
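
A way to check an origin certificate for the two defects named in the reply above (subjectAltName and expiry date), as an added example that is not part of the thread and not Cloudflare's own validation code. The function names, the sample certificates and the use of the local trust store in `probe_origin` are assumptions made for illustration.

```python
import socket
import ssl
import time

def san_matches(pattern, hostname):
    """Match one SAN entry; a wildcard covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_origin_cert(cert, hostname, now=None):
    """Return a list of problems in a getpeercert()-style dict; empty means OK."""
    now = time.time() if now is None else now
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(s, hostname) for s in sans):
        problems.append(f"subjectAltName {sans} does not cover {hostname}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append(f"certificate expired on {cert['notAfter']}")
    return problems

def probe_origin(origin_ip, hostname, port=443):
    """Handshake with the origin directly (not via the proxy), SNI = hostname.
    Validates against the local trust store, which is an assumption here."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_ip, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return check_origin_cert(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]

# Constructed sample certificates in ssl.getpeercert() format (not from the thread).
GOOD = {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
        "notBefore": "Jan 10 00:00:00 2024 GMT",
        "notAfter": "Apr 09 00:00:00 2024 GMT"}
WRONG_SAN = dict(GOOD, subjectAltName=(("DNS", "other.example.net"),))
NOW = ssl.cert_time_to_seconds("Feb 01 00:00:00 2024 GMT")
```

Run `probe_origin("<origin IP>", "<your hostname>")` from a machine that can reach the origin; an empty list means the certificate passed the local checks.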

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.