The short version is that my hosting company, Bluehost, refuses to remove support for TLS 1.0 and 1.1 despite both being deprecated, which will cap your website security ranking to a “B” rating at best. Therefore I wanted to use Cloudflare to force TLS version 1.2 at minimum so I can increase my ranking etc. At one point everything was working. Not sure exactly at which point, but somewhere after I had everything working I noticed the website loading to a Cloudflare ERROR 526. I have not been able to fix this.
So far I have tried:
- Disabling SSL Strict back to Full
- Turning off SSL completely (no encryption)
- Buying a $5 SSL certificate from Cloudflare
- Disabling Universal SSL Cert after buying one from Cloudflare
- Enabling HSTS
- Disabling HSTS
- Uploading an Origin Cert to my Bluehost server
- Removing the Origin Cert from my Bluehost server
- Pausing the website on Cloudflare
- Removing the website completely from Cloudflare
Can anyone give me some guidance here? I’m literally pulling my hair out at this point.
The current state of the website is it goes to a Cloudflare error 403 Forbidden error now. (Even though the site has been fully removed from Cloudflare, even though the DNS has been changed back to Bluehost).
I have already read Cloudflare Error 526 help page and it has been utterly worthless.