Bobcares

How to Fix Cloudflare Error 526?

by | Jul 13, 2020

Cloudflare error 526 triggers when Cloudflare is unable to validate server’s SSL/TLS certificate. Let’s fix it now. As a part of our Server Management Services, we help our customers to fix similar Cloudflare related errors regularly.

Overview
  1. What is Cloudflare Error 526?
  2. What are the Causes of Cloudflare Error 526?
  3. How to Fix Cloudflare Error 526?
  4. Conclusion

What is Cloudflare Error 526?

While we use Cloudflare, it involves two SSL/TLS certificates. One is provided by Cloudflare and the other by the origin server. The First certificate shown in the browser while visiting the website is the Cloudflare one. Origin server’s certificate protects data exchanges between the server and Cloudflare.

The Full (strict) mode SSL option ensures a secure connection between both the visitor –  Cloudflare domain and Cloudflare – origin web server connections. Thus if any of it fail to establish a secure connection, it triggers the 526 error as shown below.

Cloudflare error 526

Let us now look at the possible reasons for this error.

What are the Causes of Cloudflare Error 526?

As we discussed earlier, the error 526 triggers when either the certificate provided by Cloudflare or by the origin server fails to establish a secure connection. This generally happens when:

* Cloudflare cannot validate the SSL certificate at the origin web server
* Full SSL (Strict) SSL is set in the Cloudflare SSL/TLS app.

Let us now look at the steps to fix this error.

How to Fix Cloudflare Error 526?

Full (strict) mode is the most common reason for the 526 error. A quick fix to solve it would be to change the SSL mode to Full instead of Full (strict) from the Overview tab of Cloudflare SSL/TLS section for the particular domain.

If the issue persists even after changing the SSL mode to Full, then it would be more likely related to the origin web server’s SSL certificates. We need to verify that:

1. The certificate is not expired
2. The certificate is not revoked
3. The certificate is signed by a Certificate Authority such as GlobalSign, Verisign, GeoTrust, Comodo, etc, and is not a self-signed SSL certificate.
4. The requested domain name and hostname are in the certificate’s Common Name or Subject Alternative Name.
5. Origin web server accepts connections over port SSL port 443
6. Temporarily pause Cloudflare and cross-check the certificate with any SSL verification sites like  https://www.sslshopper.com to verify that no issues exist with the origin SSL certificate.

If the origin server is using an expired, revoked or self -signed certificate, the next step to fix this error would be to install a proper SSL certificate signed by a Certificate Authority. Likewise, it is important to have the requested domain name and hostname in the certificate’s Common Name or Subject Alternative Name. If we have added a CNAME for the hostname on Cloudflare, the Common Name or SAN may also match the CNAME target.

Cloudflare can also issue origin certificates to us on request if we don’t want to pay for or acquire one from a third-party. The 526 error should disappear after the installation of a valid certificate on the origin server and the server it accept secure (HTTPS) connections.

 

[Need any further assistance in fixing Cloudflare errors? – We’re available 24*7]

 

Conclusion

In short, Cloudflare error 526 occurs when Cloudflare is unable to validate the server’s SSL/TLS certificate. Today, we saw how our Support Engineers fix this error.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

8 Comments

  1. sathe krish

    You presented your ideas and thoughts really well on the paper.
    The way you explain a complex topic in an easy-to-understand way is really impressive.

    Reply
    • Hiba Razak

      Thank you.

      Reply
  2. Manfred Schlicker

    I have “Error 526” , “Invalid SSL Certificate” on my PC.
    Can You help me to fix it ?

    Reply
    • Manfred Schlicker

      I have “Error 526” , “Invalid SSL Certification” on my PC.
      Can You help me to fix it ?

      Reply
      • Syam S

        Sure, please contact our support team via live chat

        Reply
    • Syam S

      Sure, please contact our support team via live chat

      Reply
  3. Manish Ahuja | MrEmogical

    Thank you for this post. Worked like a charm for my website Paycheck To Profit.

    Was dealing with this challenge fir a while now.

    So glad this is now sorted

    Reply
    • Hiba Razak

      Hi Manish,
      Thanks for the feedback. We are glad to know that our article was helpful for you 🙂 .

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF