Setting up full (strict) SSL/TLS encryption

I want to set up full HTTPS encryption for my domain ( and subdomain (

I have a CNAME which redirects to my PythonAnywhere web host, and another CNAME which should redirect to another web app on AWS (the redirect doesn’t actually happen, but that’s another problem).

In SSL/TLS -> Overview, I’ve selected “Full (strict)”

In SSL/TLS -> Origin server, I’ve created 2 certificates: one with hosts and *, another one with hosts and *

I also have a universal certificate with hosts *,, and Universal SSL is enabled.

  1. Is the setup above correct?

  2. In my browser only, trying to access yields error 526. However it works on some other browsers. Why?

Error 526 stands for:

Cloudflare cannot validate the SSL cert on the origin server. It is invalid, or self-signed, which is also invalid for “Full (Strict)” SSL mode.

You have not set up your SSL cert correctly, or the SSL cert itself is invalid.
From Cloudflare you just need one single Origin SSL cert. It is the one which is for: & *

As it covers the root domain and ALL first-level subdomains.

For me it is like this: => => works => 526 Error

What you have to do is install a valid SSL cert on the server which hosts or set SSL mode to “Full” and not “Full (Strict)”, but this is just a workaround and not recommended!
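The checks behind error 526 described above, as an added example that is not part of the original thread: a simplified model of Full (strict) validation (hostname coverage, expiry, self-signed) applied to certificate dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The `example.com` names, the issuer name and both sample certificates are constructed, and the three checks are an assumption about what strict mode rejects, not Cloudflare's own code.

```python
import ssl
from datetime import datetime, timezone

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject bare "*.com"
    return p == h

def strict_failures(cert: dict, hostname: str, now: float) -> list:
    """Return the reasons a strict check would reject this cert for hostname."""
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(s, hostname) for s in sans):
        problems.append("hostname not covered")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    # Heuristic only: real validation builds and verifies the chain to a trusted CA.
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-signed")
    return problems

# Constructed sample data (not taken from the thread).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc).timestamp()
CA_ISSUED = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("commonName", "Example Origin CA"),),),  # hypothetical CA name
    "notAfter": "Jun 15 12:00:00 2035 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
SELF_SIGNED = {
    "subject": ((("commonName", "other.example.net"),),),
    "issuer": ((("commonName", "other.example.net"),),),
    "notAfter": "Jan 10 00:00:00 2020 GMT",
    "subjectAltName": (("DNS", "other.example.net"),),
}

if __name__ == "__main__":
    for host in ("example.com", "app.example.com", "a.b.example.com"):
        print(host, strict_failures(CA_ISSUED, host, NOW))
    print("app.example.com", strict_failures(SELF_SIGNED, "app.example.com", NOW))
```

The root name has to be listed as its own SAN because `*.example.com` alone does not match `example.com`, and it does not match second-level names such as `a.b.example.com` either.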

Should I disable universal SSL (in Edge certificates)?

No. First set “SSL-Mode” to “Full”. This will give you some time to resolve the error and should make your site work immediately.

Then try to install a proper SSL cert on your origin server, as Cloudflare cannot validate the installed one.

After this, do not forget to switch back to “Full (Strict)” again.

The SSL certificate that I have to install on my origin server (PythonAnywhere), isn’t it the one provided by Cloudflare (under SSL/TLS -> Origin server)?

I cannot answer this question for you, as I cannot test your origin server unless you provide the IP of your server to me.

I can just explain to you what the error code (526) means and how to solve it in the short and in the long term.

I’d love to understand how to provide a long term solution for error 526!

Thanks in advance

When I check the IP address using a service like, I get the following:



Yes. Those are Cloudflare IPs.

