SSL error on nginx

vladislav.kuzahmetov · May 9, 2023, 9:29am

Answer these questions to help the Community help you with Security questions.

What is the domain name?

yourdaysout.com

Have you searched for an answer?
yes

Please share your search results url:

seems like I have problem with url posting here

When you tested your domain using the [Cloudflare Diagnostic Center], what were the results?
yep, didn’t help

Describe the issue you are having:
I got an error 526 when switching from apache to nginx.The error is inconsistent. One of websites worked in one region, but when checked from another region - got error 526.
Also contacted regular Cloudflare support. Their answer was: no problem on their side. They suppose the problem can be on ISP end. But switching to nginx and blindly waiting updates to propagate, while not knowing where we will get an error is a bad choice

What error message or number are you receiving?
526

What steps have you taken to resolve the issue?

according to diagnostic center tried to go from full strict to full
checked certificates on sslshopper both nginx and apache (yes, with resetting their cache) - both results - ok
tried to reissue certificate from Cloudflare - problem still present

Was the site working with SSL prior to adding it to Cloudflare?
yes

What are the steps to reproduce the error:

I don’t think giving steps to reproduce the error can help

Have you tried from another browser and/or incognito mode?
tried chrome and firefox, both with incognito mode

Please attach a screenshot of the error:
Nothing to attach, just a regular error 526, right now its working on apache - so no error

vladislav.kuzahmetov · May 9, 2023, 9:32am

Seems like when I created topic it automatically added a link to every error number I posted and I can’t post more than 4 links.
the domain are:
yourdaysout.com
yourdaysout.ie
and
and search results were basically first google search options:
https://phoenixnap.com/kb/error-526-invalid-ssl-certificate
https://community.cloudflare.com/t/community-tip-fixing-error-526-invalid-ssl-certificates/44273

sandro · May 9, 2023, 9:41am

Unfortunately, that’s rather bad advice, as that drops security.

A 526 indicates an invalid certificate. If it works on Apache, but not on Nginx, that would suggest your Nginx SSL configuration is not configured with a valid certificate.

When you pause Cloudflare, you should actually get a similar error message in the browser.

Would you be comfortable to share the server IP address?

vladislav.kuzahmetov · May 9, 2023, 2:29pm

Yeah, switching from full strict to strict is less secure. I switched for ~30 minutes - no changes - went back on full strict.
Unfortunately I can’t share server IP address, but I will check again nginx configuration.
I have “stage” part of this project on different host and I copied nginx configuration from this one (it worked fine).
I will check again nginx ssl configuration and send a message, If I found anything wrong.

sandro · May 9, 2023, 2:37pm

Without the address, I am afraid it impossible to verify it, but it will be either an invalid certificate or you configured the wrong address. Best is to pause Cloudflare.

If you want you can share the address also privately.

system · May 12, 2023, 5:12pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.