Flexible SSL returns 526 error

I cannot seem to get Flexible SSL to work for a brand new domain which is resolving to a server that does not run SSL.

I don’t really want to provide the domain name here to be honest, mainly because I have tried this with multiple domains, including a subdomain using custom rules… but still nothing.

Here’s the issue:

New domain set to Flexible SSL returns the 526 Invalid SSL Certificate error. However, it was my understanding that the having it set to Flexible SSL means that the server side does not need to have the SSL certificate created.

The server is running on a custom port, one supported by SSL traffic in Cloudflare (8443) and I do not get this error when running on a non-SSL port.

Cannot figure out what’s going on here, but I purposely bought a new domain, just so I could have the entire domain name use Flexible SSL because I thought maybe I was having issues with the rules when setting up on a subdomain… so sorta wasted money there and achieved nothing.


Install an SSL certificate on your origin server.

I can’t because the server is effectively a Windows PC running a web interface and not a full web server.

Flexible connects using HTTP to TCP 80. It doesn’t connect to 8443 on your origin. It is also completely insecure and should never be used. If you are going to expose an insecure service like that, you need you should look into creating a Cloudflare Tunnel on that host.

1 Like

The issue here is that, even though we support that port, the initial request has to use it. So, if you were to do “http://domain.tld:8443” it would probably go. However, that’s not feasible for most applications.

Epic’s reply is spot on. If you can’t run SSL for it, it’s highly recommended that you use a cloudflared tunnel. This is a free Zero Trust add-on that you can set up quite easily.

The alternative is, you may be able to use an Origin Rule to override the port, but you’re still left with the security problem.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.