I have generated an Origin Certificate from Cloudflare and installed in Azure Kubernetes. I also have purchased Advanced Certificate manager and then enable “Full SSL Strict”, now it is showing 526 error with second level domains.
Perhaps this certificate only covers example.com and *.example.com? It needs to cover develop.example.com and *.develop.example.com (or calculator.develop.example.com if you’re not planning on having more subdomains).
The Full setting works because it doesn’t care whether the origin certificate is valid or not - which makes it insecure. The Full (strict) setting is secure but causes this error if the origin certificate doesn’t cover the requested (sub)domain.
Like sdayman said, the issue is with the connection between Cloudflare and your origin.
Advanced Certificate Manager is only used between Cloudflare and the client.
As I mentioned earlier, the Origin Certificate you’re using most likely doesn’t cover calculator.develop.example.com. You should generate a new Origin Certificate in the Cloudflare dashboard - this one should cover develop.example.com and *.develop.example.com.
For the moment, toggle the ‘calculator’ sub-subdomain to DNS Only, then wait five minutes to take effect.
Check back with your browser. It should still throw an error due to it being an origin certificate, but it should still let you see what certificate is there. Browsers usually have an “Advanced” button to click to respond to the error.
You can also try a curl against the origin: curl -svo /dev/null https://www.example.com --connect-to ::123.123.123.123 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"
Just make sure the IP address matches the one in your DNS records page here.
DNS Only, then wait five minutes to take effect.