Insecure upstream with Cloudflare Origin Certificate


I set up Cloudflare for Teams for my org by adding a private network to WARP.
Can access the resources, all good.

I then added a DNS entry in Cloudflare Dashboard that points to an IP from my private network. On that IP I have a web app that is exposed via NGINX.

The NGINX listens on port 443 with HTTPS configured and is using a Cloudflare Origin Certificate that has the wildcard host that includes my DNS entry.
If I try to access the domain via Cloudflare Gateway while connected to WARP I get the “Insecure upstream - HTTP Response Code: 526” error.

Does Cloudflare Gateway not work with Cloudflare Origin Certificate?

I can access that DNS entry via HTTP without problems but I would like to have it via HTTPS also.

Thank you

At the moment you’ll want to create an HTTP filtering rule for the IP or Host names without a valid SSL certificate with an action of Do Not Inspect. Support for custom/untrusted certs is something we’re researching.


Thank you, I can confirm it works with a Do Not Inspect rule. I knew that custom/untrusted certs can’t be used now but I thought Cloudflare Origin Certificate will be seen as trusted.
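
Added example, not part of the original thread: a local reproduction of the trust decision behind the 526, showing that a leaf signed by a private root fails chain validation against a different root and passes only when that private root is the trust anchor. It assumes the "origin" root below stands in for Cloudflare Origin CA (which is not in public trust stores) and the "public" root for a public trust store; all names, keys and certificates are constructed.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name here is generated locally.

# Build two self-signed roots and one leaf signed by the "origin" root.
make_demo_pki() {
    d=$1
    mkdir -p "$d/empty"    # empty CApath keeps the system trust store out
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    for ca in public origin; do
        openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca root" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=app.example.internal" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/origin.pem" \
        -CAkey "$d/origin.key" -CAcreateserial -days 1 \
        -out "$d/leaf.pem" 2>/dev/null
}

# check_chain <leaf.pem> <trust-anchor.pem> <empty-dir>
# Prints "trusted" if the leaf chains to the given anchor, else "untrusted".
check_chain() {
    if openssl verify -CAfile "$2" -CApath "$3" "$1" 2>&1 | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

work=$(mktemp -d)
make_demo_pki "$work"
echo "leaf vs public root: $(check_chain "$work/leaf.pem" "$work/public.pem" "$work/empty")"
echo "leaf vs origin root: $(check_chain "$work/leaf.pem" "$work/origin.pem" "$work/empty")"
rm -rf "$work"
```

Against a live origin, `openssl s_client -connect <host>:443 -servername <host>` reports the same outcome in its "Verify return code" line.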
