SSL 526 on some networks, but not in dev mode

I’m running into a very strange problem where our site is always getting 526 errors on only some networks. For example, the site will work fine on my LTE network and on a friend’s home wifi network, but it will return 526s from my home wifi network and my friend’s LTE network. What’s also strange is that turning on “developer mode” seems to mostly fix the problem. Some 526s are still returned randomly, but at least the site is accessible, whereas with developer mode off some networks always get 526s. Leaving developer mode on is of course not a viable option, and we’d like to keep “Full (strict)” mode on. The site working on some networks, and with developer mode on, makes me think there may be some weird issue on Cloudflare’s end.

Some details:

  • Issue is happening for a subdomain that is pointed to our own server.
  • Our server only serves that specific subdomain.
  • Origin cert covers a wildcard for all subdomains and the root domain.
  • Using NGINX.

Things I’ve tried, but haven’t worked (give the same result as described above):

  • Generating a new SSL cert to cover only the specific subdomain being used.
  • Adding the Cloudflare root certs to the NGINX config as ssl_trusted_certificate and/or ssl_client_certificate.
  • Concatenating the root cert with the origin cert to use as the cert.

It’s also worth noting that we’ve tried switching from “Full (strict)” to “Full”, and there are weird issues with our firewall where some traffic is blocked. Could it be that Cloudflare is running into this firewall issue when trying to create an SSL connection to our origin server?

If the firewall is an issue, why do the 526 errors go away when turning on developer mode? Perhaps because Cloudflare switches the servers it uses to hit our origin servers?


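The following is an added example, not part of the original post or of Cloudflare's or nginx's own tooling. Under "Full (strict)" the edge will only proxy to the origin if the certificate the origin serves for the requested hostname chains to a trusted root (a public CA or the Cloudflare Origin CA) and its names cover that hostname; a failure of either check surfaces as a 526. The script builds a throw-away CA and a wildcard origin certificate locally, then runs exactly those two checks offline with `openssl verify -verify_hostname`, including the case the post's wildcard setup is most likely to miss: a wildcard covers one label only, so `*.example.com` does not cover `api.eu.example.com`. It also defines (but does not run, since it needs network access) a probe that connects to the origin with SNI set, so nginx selects the same `server` block the edge would. `example.com`, the hostnames, the origin IP argument, and the function names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a throw-away CA plus a
# wildcard origin certificate and runs the two checks a Full (strict) origin
# must pass: the chain verifies against a trusted root and the certificate
# covers the requested hostname. example.com and all hostnames are placeholders.
set -eu

# make_test_pki DIR WILDCARD
#   Creates a self-signed CA (ca.pem) and an origin cert (origin.pem) signed by
#   it whose SANs are WILDCARD plus the bare apex, mirroring the post's setup.
make_test_pki() {
  dir=$1; wild=$2
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" -out "$dir/ca.pem" \
    -subj "/CN=Throwaway Origin CA" -days 1 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/origin.key" -out "$dir/origin.csr" \
    -subj "/CN=$wild" 2>/dev/null
  printf 'subjectAltName=DNS:%s,DNS:example.com\n' "$wild" > "$dir/san.cnf"
  openssl x509 -req -in "$dir/origin.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.cnf" -out "$dir/origin.pem" 2>/dev/null
}

# verify_for_host CA_BUNDLE CERT HOST
#   Exit 0 only if CERT chains to CA_BUNDLE and its SANs cover HOST. This is the
#   offline equivalent of the check the edge performs before proxying.
verify_for_host() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# probe_origin ORIGIN_IP HOST CA_BUNDLE
#   Live check against a real origin (needs network, so it is not run below):
#   connect with SNI set to HOST so nginx picks the same server block the edge
#   would, then report what was served and whether it verified against CA_BUNDLE
#   (for a Cloudflare Origin CA cert, CA_BUNDLE is the Origin CA root).
probe_origin() {
  printf '' | openssl s_client -connect "$1:443" -servername "$2" -CAfile "$3" 2>&1 \
    | grep -E 'Verify return code|subject=|issuer='
}

WORK=$(mktemp -d)
make_test_pki "$WORK" '*.example.com'
# Constructed hostnames: two covered by the wildcard/apex SANs, two not.
for host in app.example.com example.com api.eu.example.com app.example.org; do
  if verify_for_host "$WORK/ca.pem" "$WORK/origin.pem" "$host"; then
    echo "$host: chain and hostname OK"
  else
    echo "$host: fails strict validation"
  fi
done
rm -rf "$WORK"
```

To test a real origin, call `probe_origin <origin-ip> <subdomain> <root-bundle.pem>` once with the real subdomain and once with a name the origin does not serve; if the second call returns a different certificate or a verification error, the edge is hitting a default `server` block rather than the intended one. Note that nginx sends the intermediate chain only from the file given to `ssl_certificate` (leaf first, then intermediates); `ssl_trusted_certificate` and `ssl_client_certificate` are used for OCSP stapling and client-certificate verification and do not change what the server sends.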