My website (https://ikebut.com) opens when SSL/TLS encryption mode set to Flexible.
Won’t open when set to Full (strict)

Port 443 and 80 are open in my windows firewall …
???

My website (https://ikebut.com) opens when SSL/TLS encryption mode set to Flexible.
Won’t open when set to Full (strict) Error code 522

My Certificates are installed on my Apache Server and loads at startup ?
My startup Apache log
ssl_engine_init. client AH01883: Init: Initialized OpenSSL library
ssl_engine_rand. client Init: Seeding PRNG with 0 bytes of entropy
ssl_engine_client AH01887: Init: Initializing (virtual) servers for SSL
[ssl_engine_ Configuring server ikebut.com:443 for SSL

protocol ssl_engine_client Creating new SSL context (protocols: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3)
ssl_engine_init.client Configuring client authentication
ssl_engine_init.c(2212): [client AH02209: CA certificate: CN=Cloudflare Origin Certificate,OU=Cloudflare Origin CA,O=Cloudflare\, Inc.
] ssl_engine_init.c(998): [client Configuring permitted SSL ciphers [ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACH$:!aNULL:!eNULL:!EXP]

Configuring TLS extension handling
[client [ikebut.com:443] modssl_X509_match_name: expecting name ‘ikebut.com’, matched by ID 'ikebut.com’ikebut.com:443]

Cert matches for name ‘ikebut.com’ [subject: CN=Cloudflare Origin Certificate,OU=Cloudflare Origin CA,O=Cloudflare\, Inc. / issuer: ST=California,L=San Francisco,OU=Cloudflare Origin SSL Certificate Authority,O=Cloudflare\, Inc.,C=US / serial: 48B495CE571AAA48D17861E205E117060FC7FE29 / notbefore: Nov 3 2022 / notafter: Oct 30 2037

ssl_engine_Certificate and private key ikebut.com:443:0 configured from F:/Apache2.4.54/conf/Certificates/origin.pem and F:/Apache2.4.54/conf/Certificates/key.pem
mod_ssl/2.4.54 compiled against Server: Apache/2.4.54, Library: OpenSSL/1.1.1p
Child: Starting 150 worker threads.

Port 443 and 80 are open in firewall
Error 526 occurs when these two conditions are true:

Cloudflare cannot validate the SSL certificate at your origin web server, and
Full SSL (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.
Resolution

For a potential quick fix, set SSL to Full instead of Full (strict) in the Overview tab of your Cloudflare SSL/TLS app for the domain.
Request your server administrator or hosting provider to review the origin web server’s SSL certificates and verify that:

Certificate is not expired
Certificate is not revoked
Certificate is signed by a Certificate Authority (not self-signed)
The requested or target domain name and hostname are in the certificate’s Common Name or Subject Alternative Name
www.ikebut.com resolves to 96.31.63.120

Server Type: Apache/2.4.54 (Win64) OpenSSL/1.1.1p

The certificate will expire in 5440 days.

The hostname (www.ikebut.com) is correctly listed in the certificate.

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
Common name: Cloudflare Origin Certificate
SANs: *.ikebut.com, ikebut.com
Organization: Cloudflare, Inc. Org. Unit: Cloudflare Origin CA
Valid from November 3, 2022 to October 30, 2037
Serial Number: 48b495ce571aaa48d17861e205e117060fc7fe29
Signature Algorithm: sha256WithRSAEncryption
Issuer: Cloudflare, Inc.

Your sever isn’t responding on Port 443.

# curl -skvo /dev/null https://ikebut.com --connect-to ::96..xx.xx.xx
* Connecting to hostname: 96.xx.xx.xx
*   Trying 96.xx.xx.xx:443...
* TCP_NODELAY set
* connect to 96.xx.xx.xx port 443 failed: Connection timed out
* Failed to connect to 96.xx.xx.xx port 443: Connection timed out
* Closing connection 0

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.