Weird SSL error

Hi all, I’d really appreciate some help.

I have been using the cloudflare API with a docker DDNS to update my dynamic IP successfully for months now. Yesterday, I was playing around with the certbot/cloudflare-dns container and didn’t realise that getting it to issue a certificate would cause problems with my existing SSL setup.

Until now, I have successfully been using the Origin Certs in Full (Strict) mode. I would like to be able to get back to that. Currently every time I visit anything hosted (across multiple domains) on my server I get a ‘526’ error. I know the certs and keys are good though – not least because I recreated all of them.

So far I have:

  • Reset global API key
  • Reset Origin CA
  • Rolled all API keys
  • Generated new Origin certs for every site and verified them numerous times

The DDNS container(s) all function 100%. When I visit the addresses, the SSL cert on the 526 is a Cloudflare origin one…

What can the Certbot have done that I need to undo? All five of my domains are currently down, including all of the associated sub-domains and services.

Modified your config file which could point to its own generated SSL certificate, or removed the line indicating the location of your Cloudflare Origin CA certificate which you used before?

DDNS, maybe it got the wrong IP address “hooked” to an SSL certificate or did run only for a main domain, but not sub-domain(s)?

What is the output of running a command in your CLI:
curl -svo /dev/null https://yourdomain.com --connect-to ::your.host.ipv4.address 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

Is Cloudflare allowed to connect to your host/origin (docker setup)?
Is the SSL 443 port open at your host/origin?

What happens when you switch from :orange: to :grey: cloud at Cloudflare?

Have you already gone through the step-by-step instructions as suggested in the below article?:
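The reply above suspects that Certbot rewrote the web server config to point at its own certificate instead of the Cloudflare Origin CA certificate. As an added example that is not part of either post, the script below checks, offline, whether a configured certificate and key actually belong together and whether the certificate was issued by the Cloudflare Origin CA. It assumes openssl is installed; all file names and the two self-signed sample certificates are constructed here and are not real Origin CA material.

```shell
#!/bin/sh
# Added example, not from the thread. Checks a cert/key pair the web server is
# configured with, to spot the mismatch that yields a 526 in Full (Strict) mode.
# Assumes openssl is installed. Sample certs below are constructed for this demo.
set -eu

# cert_key_match CERT KEY -> prints "match" when the cert's public key equals the
# key's public key, otherwise "MISMATCH" (e.g. Certbot's key paired with an Origin cert).
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    if [ "$cert_pub" = "$key_pub" ]; then echo match; else echo MISMATCH; fi
}

# cert_issuer CERT -> prints the issuer DN of the certificate
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# is_origin_ca_cert CERT -> exit status 0 when the issuer looks like the Cloudflare Origin CA
is_origin_ca_cert() {
    cert_issuer "$1" | grep -qi "CloudFlare Origin"
}

# report CERT KEY -> one-line verdict for a configured pair
report() {
    printf '%s: pair=%s issuer=%s\n' "$1" "$(cert_key_match "$1" "$2")" "$(cert_issuer "$1")"
}

# --- constructed sample material: two self-signed test certs, no real CA involved ---
WORK=$(mktemp -d)
# Stand-in for an Origin CA cert: the subject mimics the Origin CA issuer string only.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$WORK/origin.key" -out "$WORK/origin.pem" \
    -subj "/O=CloudFlare, Inc./OU=CloudFlare Origin SSL Certificate Authority/CN=CloudFlare Origin Certificate" 2>/dev/null
# Stand-in for a cert Certbot might have installed (hypothetical domain example.com).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$WORK/certbot.key" -out "$WORK/certbot.pem" \
    -subj "/CN=example.com" 2>/dev/null

report "$WORK/origin.pem" "$WORK/origin.key"      # pair=match, Origin-style issuer
report "$WORK/certbot.pem" "$WORK/certbot.key"    # pair=match, not the Origin CA
report "$WORK/origin.pem" "$WORK/certbot.key"     # pair=MISMATCH: a wrong config line
```

Point the three functions at the cert and key paths from your real server config (the ones Certbot may have rewritten); the live counterpart is the curl command in the reply above, which shows what the origin actually serves to Cloudflare.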