SSL error 526 taking down sites on 1 Feb 2022

Hello,

I would appreciate any help with this.

All sites I have on Cloudflare, which point to around 100 Web sites, have all been running fine for about 1 year using the Full (Strict) setting in the SSL section.

On 1 Feb, suddenly all of these Web sites went down on the 526 error.

The SSL on the Web hosting had not expired so that is not the issue.

I have read this as well:
https://support.cloudflare.com/hc/en-us/articles/200170566-Troubleshooting-SSL-errors

Can you please tell me what happened specifically this week that was different to mean all sites went down (which meant all ads in all advertising accounts were disapproved due to the destination URLs being unreachable, which was more collateral problems to fix)? I would be appreciative to know what the trigger for the problem was after it working for so long.

What is a permanent fix to avoid this in future?

What is the advantage of using Full (Strict) over simply Full? Is the former more secure by a significant degree?

Kind regards,
Mike

What expire date did you set your origin SSL certs to when you created them?

“Full (Strict)” validates the SSL cert in addition to what “Full” does.
So yes, Full (Strict) is more secure, I will leave that up to @sandro :slight_smile:

To fix the problem, it must first be located and understood. Yes, switching temporarily to “Full” would make the websites work immediately, but not fix the problem. I would recommend fixing problems by their roots, not concealing them.

To check the SSL certs you are using or, in general, which your origin is offering the requestor, you can bypass Cloudflare by knowing your origin’s IP or by pausing Cloudflare (the latter is not recommended!).

Then inspect the cert, check the chain and see where the problem is, that’s what I would do.

  1. setting up a valid SSL cert and renewing it before it expires
  2. setting it to “Full”, but like I said, if you strive for security you should go with “Full (Strict)”

You know what’s going to happen :wink:

Afraid that really is not a fix. Certificates need to be maintained and renewed. To address your question, @mike61, Full is not secure in the first place, as there is no certificate validation and the whole SSL thing becomes effectively pointless.

What the fix is, you ask? Renew all expired certificates.

2 Likes
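The origin check suggested in the replies above (connect to the origin IP directly, then inspect the certificate, chain and expiry) can be scripted so it runs across every site before a certificate lapses. This is an added example, not code from any poster or from Cloudflare; `classify`, `check_origin`, the 14-day threshold and the IP/hostname in the usage block are hypothetical placeholders.

```python
import socket
import ssl
import time


def classify(cert, now=None, warn_days=14):
    """Classify a cert dict (as returned by SSLSocket.getpeercert()) by expiry."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)  # floor: -1 means already expired
    if days_left < 0:
        return "EXPIRED", days_left
    if days_left < warn_days:
        return "RENEW_SOON", days_left
    return "OK", days_left


def check_origin(origin_ip, hostname, port=443, cafile=None, timeout=5):
    """Connect straight to the origin (bypassing the proxy) and validate its cert.

    The TCP connection goes to origin_ip, while SNI and hostname matching use
    the site's real name. Validation covers chain, hostname and validity period.
    Assumption: if the origin cert was issued by a private CA (for example an
    origin-only CA), pass that CA's root PEM as cafile; with cafile set, only
    that root is trusted instead of the system store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Expired, untrusted issuer, or hostname mismatch: the kind of failure
        # that strict validation rejects.
        return "INVALID", exc.verify_message
    except OSError as exc:
        return "UNREACHABLE", str(exc)


if __name__ == "__main__":
    # Constructed placeholder inventory: (origin IP, hostname served there).
    sites = [("203.0.113.10", "example.com")]
    for ip, name in sites:
        print(name, ip, *check_origin(ip, name))
```

Run on a schedule, the `RENEW_SOON` result gives warning before the origin certificate expires, and `INVALID` reports the verifier's reason.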
