The Cloudflare 526 Error tells us that Cloudflare cannot successfully validate the SSL certificate on the origin web server when Cloudflare is set to use the Automatic or Strict option.
Let’s examine this error in more detail.
A website using Cloudflare may display an HTTP Error 526 due to the following reasons:
- The SSL certificate, or an intermediate or root certificate, has expired (most common)
- The SSL certificate is revoked
- The SSL certificate issuer is unknown (the certificate is issued by a non-trusted CA)
- The domain name doesn’t match the one indicated in the SSL certificate

How to Resolve a Cloudflare 526 Error
Firstly, note that this error is related to the SSL certificate on your web server/web hosting, which is not necessarily the same certificate that’s installed in Cloudflare. Be sure that you check/update the certificate on your web server or web hosting account.
Check these things:
- The SSL certificate is not expired. If it has expired, renew the SSL/TLS certificate.
- The certificate is not revoked. If the certificate is revoked, we recommend contacting your vendor to clarify the revocation reason and get a new SSL/TLS certificate issued.
- The certificate is signed by a Certificate Authority (not self-signed).
- The domain name matches the Common Name or one of the Subject Alternative Names included in the certificate.
- The web server accepts connections over SSL port 443.
You will need to reinstall the new certificate files on the server, and at this stage, the issue should be resolved.
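The checklist above can be run directly against the origin, bypassing Cloudflare. The script below is an added example, not Cloudflare's own validation logic: it uses the local system trust store as a stand-in for Cloudflare's, does not check revocation, and the hostname and address in the usage line are placeholders.

```python
import socket
import ssl

# OpenSSL verification codes mapped to the causes listed on this page.
CAUSES = {
    10: "expired: a certificate in the chain is past its expiry date",
    18: "untrusted issuer: the certificate is self-signed",
    19: "untrusted issuer: self-signed certificate in the chain",
    20: "untrusted issuer: issuing CA is not in the trust store",
    21: "untrusted issuer: chain is incomplete (missing intermediate)",
    62: "name mismatch: hostname is not in the Common Name / SANs",
}


def classify(verify_code):
    """Translate an OpenSSL verify code into one of the 526 causes."""
    return CAUSES.get(
        verify_code, f"other verification failure (OpenSSL code {verify_code})"
    )


def check_origin(hostname, origin_addr, port=443, timeout=5.0):
    """Connect straight to the origin and validate its certificate for
    `hostname`, the way a strict-mode proxy would. Returns a status string."""
    # Default context: system trust store, chain and hostname checks enabled.
    # It does NOT check revocation, so a revoked certificate still passes here.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((origin_addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return f"ok (expires {tls.getpeercert()['notAfter']})"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
    except ssl.SSLError as exc:
        return f"TLS handshake failed: {exc.reason}"
    except OSError as exc:
        # Refused, unreachable or timed out: the server is not serving TLS here.
        return f"port {port} not accepting connections: {exc}"


if __name__ == "__main__":
    # Placeholder values: use your site's hostname and the origin server's IP.
    print(check_origin("www.example.com", "192.0.2.10"))
```

Pass the origin server's real IP address as `origin_addr`; resolving the public hostname would reach Cloudflare's edge instead of your server.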

What Are The Cloudflare SSL Modes?
Cloudflare offers several options to choose how HTTPS is configured for your site. Let’s see what each option means:
Off (No Encryption): This mode does not employ any encryption for data transmitted between web browsers and Cloudflare, nor between Cloudflare and the origin servers. All the connections are performed using HTTP.
Full: In this mode, Cloudflare mirrors the protocol used by the browser when connecting to the server. If the browser communicates via HTTP, Cloudflare will also connect using HTTP; if HTTPS is used, Cloudflare will connect via HTTPS without verifying the server’s certificate. This option is normally used for self-signed certificates.
Full (Strict): This mode operates similarly to Full, but it includes validation of the server’s certificate. This mode is widely used for SSL/TLS certificates issued by Certificate Authorities.
Flexible: In this configuration, traffic from web browsers to Cloudflare can be secured with HTTPS, but the connection from Cloudflare to the origin server remains unencrypted. This mode is used when the server does not support SSL/TLS.
Strict (SSL-Only Origin Pull): In this configuration, Cloudflare always establishes a connection to the server using HTTPS, regardless of whether the connection between the browser and Cloudflare is HTTP or HTTPS. This includes verification of the origin server’s certificate.
Automatic: Cloudflare automatically chooses the mode it predicts will work best for your site.
To change the encryption mode:
- Go to your Cloudflare Dashboard
- Select your account and domain
- Go to SSL/TLS
- Choose an encryption mode
