Solved: Error 526 Invalid SSL Certificate

SSL certificate Error
Better Stack Team
Updated on May 4, 2022

Problem

Getting Error 526: Invalid SSL certificate Cloudflare error.

Cause of the problem

Error 526 indicates Cloudflare is unable to successfully validate the SSL certificate on the origin web server and the SSL setting in the Cloudflare SSL/TLS app is set to Full SSL (Strict) for the website.

Solution

  1. If the origin server is configured to use a self-signed certificate, install a valid certificate on your origin server. To test to see if your origin has a self-signed certificate, run the following cURL command and replace the http://example.com with your domain and 123.123.123.123 with your origin IP.
 
curl -svo /dev/null --resolve example.com:443:123.123.123.123 https://example.com/

The response from an origin server with a self-signed certificate will contain SSL certificate problem: self signed certificate. A self-signed certificate secures the connection between Cloudflare and your origin but will cause a 526 error when you try to connect to the origin directly.

  1. Check to make sure the certificate hasn’t expired, the certificate isn’t revoked, and that the certificate is signed by a certificate authority
  2. Check to make sure the requested domain name (hostname) is in the certificate’s Common Name or Subject Alternative Name (SAN) configuration
Got an article suggestion? Let us know
Share on Twitter Share on Facebook Share via e-mail
Explore more
SSL certificate Error
Solved: Error:0D0680A8 : asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag
This error is due to an invalid certificate format installed on the Apache webserver.
Questions
Solved: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
When you are accessing the HTTPS secured website a series of steps is taken in the background to ensure that the connection is safe and trusted. Some of these steps consist of checking certificates. If the browser does not believe that the connection would be secure it displays this error.
Questions
Solved: Invalid command ‘SSLEngine
This frequently happens on fresh Apache servers. When Apache starts it reads through the configuration files. When it encounters `SSLEngine` directive, it considers it as unknown. This is caused by the fact that the server’s basic configuration does not have `mod_ssl` module installed or enabled.
Questions
SSL Certificate Problem: Unable to get Local Issuer Certificate
If you get SSL certificate problem: unable to get local issuer certificate error, it's an indication that your root and intermediate certificates on the system are not working correctly or not set up correctly.
Questions
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

We are hiring.

Software is our way of making the world a tiny bit better. We build tools for the makers of tomorrow.

Join the Better Stack team

Help us in making the internet more reliable.

Better Stack logo
Become a contributor

Help us with developer education and get paid.

Better Stack community logo
NEW
Explore all positions →

Reliability is the
ultimate feature

Delightful observability tools that turn your logs & monitoring into a secret weapon for shipping better software faster.

Explore Better Stack