Invalid SSL certificate
The website was working before and I set everything up, but today suddenly this screen appears to me. What is the solution?
47 Replies
I'm the owner
but I didn't understand what you are trying to say
@Leo
The section "If you're the owner of the website" explains that your origin server is presenting an invalid SSL certificate. ;p
A possible solution: Go to SSL/TLS > Origin server > Generate certificate, copy paste priv key + pub cert onto your origin server SSL settings
Does the SSL error message have anything to do with the "let's encrypt" rollout or because of the free plan I am using for our np? I went through the same steps and my site is still showing the 526 error.
Or try to change SSL mode from full (Strict) to just Full.
@MDev Cool, I gave that a go and even went down to flexible. Is there a time period I have to wait for it to update?
Not really, should be near instant. Flexible didn't help either?
@MDev the error message changed from 526 to 520
browser caches though sometimes play a huge role
try with hard refresh CTRL + SHIFT + R
@MDev I did purge everything
cool, also purge browser with hard refresh
Any hints within your origin error logs?
Matteo Duò
Kinsta®
How to Fix Cloudflare's "Error 520: Web Server Is Returning an Unkn...
The 520 error has to do with an error with your server that causes Cloudflare to not connect. Check out how to troubleshoot it and fix it once and for all.
How do I find the error logs
depends on your origin server / software really
But if you pause cloudflare, does your site work as expected?
one of the first steps in the article
Haven't tried pausing, bit nervous about that
I'll check the article
feel free to do so, if you're nervous just pause for the testing period, all should be near instant
re-enable when confirming tests
ok cool thanks for the help!
do a continuous ping test to see ip change
when ip changed close re/open browser to make sure testing is "fresh" not cached
Try to make note of the certificate presented by your origin in the test!
If it's a green lock / a valid certificate? Could be a green lock / valid even if invalid but trusted by your machine..
@MDev when I pause cloudflare the site returns as "your connection is not private"
I see, yes. The certificate is invalid. What SSL certificate is set up on the origin server?
feel free to re-enable cloudflare / unpause until you've fixed it. Test as you need to on the go ;p
If only encryption between cloudflare and your origin server is important, you could set up a cloudflare signed certificate on your webhost: SSL/TLS > Origin Server > Generate certificate, copy paste priv key + pub cert on your origin SSL settings. You could go further and even firewall your webserver so only cloudflare IP ranges have access to it. Or yet further and take advantage of Authenticated origin pulls, requires an additional intermediate certificate to be also installed on origin
@MDev it's just a file that says download listed under that tab
which is?
it takes me to an Origin Certificate Installation page
PEM key and some coding
yes you need both priv and pub key, private is only visible once during generation, save it somewhere safe
do I paste it somewhere on cloudflare?
you paste it on your origin webserver
in the SSL setting private goes in private and pub in public
ok those must be under Paid subscriptions. I do not see that option for our free account.
Hmm, the certificate you obtained from cloudflare, needs to be installed on your webhost, not cloudflare. which is your webserver software to administer? Cpanel, directadmin something similar?
I am totally green. I do not know what that is
we have our hosting with cloudflare
oooh O.o
Nvm all that sorry :p A bit shot in the dark now hah
Identify DNS, the records you're experiencing ssl issues on
The hosting of those records is it pages, stream, images or R2?
I see the DNS option on my Dashboard
there are several lines there some say proxy and others say dns
yes, the FQDN (incl. maybe a subdomain part) which points to an IP or object A or CNAME, what is the hosting behind that?
the url you experience ssl issues on, find that record
I see "type" A as a proxy with an IP address
And 7 rows of CNAME
nice, that IP should be a cloudflare IP then? Sorry I'm unfamiliar with CF hosting!
Np I appreciate the help
do an IP Whois lookup, confirm cloudflare or not
Whois lookup says... godaddy
I see. Does it ring a bell, godaddy?
Registrar WHOIS Server: whois.godaddy.com
is this the problem? the site has been up for weeks and just went down a couple days ago
So I need to transfer to cloudflare?
I could bet yes. But you know of godaddy for your domain name registration and webhosting?
No not at all, but it is an option
We were trying to have everything under cloudflare
I understand. But the A record of your domain with SSL issues pointing to a godaddy IP means the hosting resides with godaddy still. Not necessarily bad. My guess is the SSL has expired there, and since DNS is now cloudflare managed, godaddy could not renew it automatically. Yet if godaddy is the hosting of your website still, it will need a valid certificate.
So should I copy the cert on the origin server on cloudflare onto godaddy?
yes, the cert you generated on cloudflare, default 12 year, valid for SSL between your origin (godaddy) and cloudflare. Install it on godaddy in your hosting settings, SSL somewhere
cool I will give that a go. thanks again
Np mate, if it starts working by good luck, feel free to set ssl back to full (Strict), that should work in my experience with CF certs on the origin
The reason flexible or even off won't work either is because your origin web project hosted on godaddy still enforces HTTPS, but I would not disable that for sure. Just fix SSL instead
I told you before but just to be clear, the cloudflare SSL cert will only be valid for encryption between godaddy and cloudflare. All visitors must be routed (DNS - proxied orange cloud) through cloudflare to your origin (godaddy), otherwise it will not work either
@MDev our site is back up and it was the hosting. Thank you for all the help, I learned a lot.
That's great to hear, welcome!