SSL Flexible

Hi there. When i set SSL mode to Flexible (origin web server in HTTP mode, without SSL) and using custom port 8443 always got “Invalid SSL certificate Error code 526”. It’s a normal?

Flexible should not be used in the first place and keeps your site insecure

So it’s best you address the certificate issue on your server, which will also fix the 526. And yes, the error is by default.

1 Like

How can this error “by default” if main function of flexible mode it’s a create SSL connection between user and CF ignoring insecure connection to origin? By doc’s CF can proxify HTTPS at port 8443 (https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/) so i didn’t see any issues why this isn’t working in my case.

  1. You have an insecure site if you are not using Full Strict
  2. That legacy mode only works for 443, not the port in question
  3. As mentioned, simply install an Origin certificate and the whole thing will be fixed
  4. Don’t forget to set Full Strict
1 Like

I’m glad to use Full Strict, but problem in application. It’s a self-hosted compiled web server without possibility server HTTPS. But i need HTTPS for external API consumer (this consumer can use only HTTPS). Anyway, thanks for info about legacy mode.

If the software does not support SSL, I’d first reach out to the vendor, as they should fix this at this point.

If there’s really no way to get SSL working with that software, just put an Apache reverse proxy in front of it, handling SSL. You can also consider Cloudflare Tunnel.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.