I have a Heroku app exposing an API and I would like to route all requests to it through Cloudflare with full strict SSL mode. I’ve done the following steps:
- Add a CNAME record from
- Enable flattening all CNAMEs.
- Generate an origin certificate for with Cloudflare for
- Set SSL mode to Full (strict)
- Set the Heroku app’s domain to
- Disable automated certificate management on Heroku and add the Cloudflare origin certificate manually to the app.
Yet requests to
Error 526: Invalid SSL certificate. If I set SSL mode to Full, everything is working as expected (ie. when Cloudflare doesn’t verify the Heroku app’s certificate).
What could be the problem?