Error 526 - With home Synology hosted website

For a few days now, a perfectly working web environment has been showing an Error 526 which I cannot get rid of!

Trying to install a parallel Let’s Encrypt certificate made it all go wrong, and now there is no way to get Cloudflare to recognize its own certificate… help!

The website is https://dumspiro.ch, running on an Apache 2.4 Web Station, powered by a small Synology NAS.

Creation and upload of the certificate were both fine. The CSR used was the one created by the Synology.

If you have any idea of what went wrong… thanks a lot in advance for your kind reply.

crica

Set this hostname back to :grey: in Cloudflare DNS and see if you can get it up and running again with HTTPS. Then you can set it back to :orange:.


Tried but it does not work… always the same 526 error, even though the whole chain is within Cloudflare…

Leave it set to :grey: until you get it fixed on your server. It may take 5 minutes for Cloudflare DNS to update.

Since then, it is still set as not proxied but still not working… at the end of March it was still working; it started to be 526 when I played with some Let’s Encrypt certificates… pfff

Can nobody help? It was working pretty well and then I played with those certificates. Now, it is still interesting for me to understand whether many different certificates can live together on my server and how to correct any errors… such as the one I have here…
Thanks a lot in advance :slight_smile: and especially to sdayman who tried… merci beaucoup :slight_smile:

Not until you fix your server.

Hi Sdayman,

Oops, maybe my English was not good enough, sorry for that. Server side, all certificates were renewed and the server was started again; hence, I still need to understand which certificate is read by Cloudflare as the Origin one and how to check this.

The status, from my side, is:

  • Synology: all certificates are newly installed, recognised and assigned to one (and only one) service. A valid one (the Cloudflare one) is set up for ports 80 and 443;
  • Web side: the 526 error is returned on a page certified with the Edge Cloudflare certificate;
  • Still unknown: why the Cloudflare web-assigned certificate is not recognised by Cloudflare, and how can I check (in the Cloudflare back office) which one is taken into consideration by Cloudflare?

Again, thanks a lot for your time and help.
C.

Give this a try to see what certificate Cloudflare is trying to connect to. Change the IP address from 12.34.56.78 to whatever your server IP address is.

curl -svo /dev/null https://dumspiro.ch --connect-to ::12.34.56.78 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

I’ll do that right now and I’ve also read some answers you gave and tested the site with https://www.sslshopper.com/ssl-checker.html#hostname=www.dumspiro.ch and all seems fine there

Here is the reply, which seems to be “applicable” but does not say which certificate is used… or… can you help and tell me in which line I can see this?
curl -svo /dev/null https://dumspiro.ch --connect-to 2001:1715:4e35:830:e9e2:f582:8d92:f3b3 2>&1 | egrep -v “^{.|^}.*|^ http.*$”

* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):

> GET / HTTP/2
> Host: dumspiro.ch
> User-Agent: curl/7.54.0
> Accept: */*

< HTTP/2 526
< date: Wed, 06 May 2020 19:09:38 GMT
< content-type: text/html
< set-cookie: __cfduid=d3b3eff6ad5e4ce24f617eb222d165dfd1588792178; expires=Fri, 05-Jun-20 19:09:38 GMT; path=/; domain=.dumspiro.ch; HttpOnly; SameSite=Lax; Secure
< cache-control: no-store, no-cache
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 58f4ff2be880e66c-LHR
< alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
< cf-request-id: 028cfdcf710000e66c86179200000001
<

The only thing I can see is that the reply gives TLS 1.2 when TLS 1.3 is activated on the Cloudflare side, but this has not changed in the last few months.

But if I try with IPv4 the result is :slight_smile: Failed to connect to 84.227.80.131 port 443: Connection timed out

That didn’t look right. That looks like a Cloudflare public certificate. Not an Origin certificate:
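
Added example (not part of the thread, and not Cloudflare's or curl's own code): a shell helper that builds the `--connect-to` value for an IPv4 or IPv6 origin address and classifies a saved `curl -sv` capture by whether Cloudflare's edge or the origin answered, using the `issuer:` line and the `server: cloudflare` / `cf-ray` headers. The function names, the sample captures and the issuer substring match are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Build the value for curl's --connect-to (HOST1:PORT1:HOST2:PORT2).
# Empty HOST1/PORT1 match any request; empty PORT2 keeps the request's port.
# IPv6 literals must be wrapped in [brackets] or their colons are misparsed
# and the override never matches, so the request still goes to the edge.
connect_to_arg() {
  case "$1" in
    *:*) printf '::[%s]:\n' "$1" ;;   # IPv6 literal
    *)   printf '::%s:\n' "$1" ;;     # IPv4 address or hostname
  esac
}

# Read `curl -sv` output on stdin and report who answered the handshake.
# Assumption: an Origin CA issuer string contains "CloudFlare Origin".
classify_capture() {
  awk '
    /^\* +issuer:/ { sub(/^\* +issuer: */, ""); issuer = tolower($0) }
    tolower($0) ~ /^< (server: cloudflare|cf-ray:)/ { edge = 1 }
    END {
      if (edge)                              print "cloudflare-edge"
      else if (issuer ~ /cloudflare origin/) print "origin: cloudflare origin ca"
      else if (issuer != "")                 print "origin: " issuer
      else                                   print "unknown"
    }'
}

# Constructed captures for offline use (placeholder issuer and ray values).
sample_edge='*  issuer: C=US; O=Example Public CA; CN=Example Edge CA
< HTTP/2 526
< server: cloudflare
< cf-ray: 0000000000000000-XXX'
sample_origin='*  issuer: O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority
< HTTP/1.1 200 OK
< server: Apache'

connect_to_arg 2001:db8::10
printf '%s\n' "$sample_edge"   | classify_capture
printf '%s\n' "$sample_origin" | classify_capture
# Live use (HOST and IP are placeholders):
# curl -svo /dev/null https://HOST --connect-to "$(connect_to_arg IP)" 2>&1 | classify_capture
```

A `cloudflare-edge` result means the capture shows the edge certificate, so the connection override did not reach the origin and the origin certificate is still unchecked.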
