Invalid SSL certificate

The website was working before and I set up everything, but today suddenly this screen appears to me. What is the solution?
CHIPZZ OP • 3mo ago
I'm the owner but I didn't understand what you are trying to say @Leo
MDev • 3mo ago
The section "If you're the owner of the website" explains that your origin server is presenting an invalid SSL certificate. ;p A possible solution: Go to SSL/TLS > Origin server > Generate certificate, copy-paste priv key + pub cert onto your origin server SSL settings 😉
Koffee Koder • 3mo ago
Does the SSL error message have anything to do with the "let's encrypt" rollout or because of the free plan I am using for our np? I went through the same steps and my site is still showing the 526 error.
MDev • 3mo ago
Or try to change SSL mode from full (Strict) to just Full.
Koffee Koder • 3mo ago
@MDev Cool, I gave that a go and even went down to flexible. Is there a time period I have to wait for it to update?
MDev • 3mo ago
Not really, should be near instant. Flexible didn't help either?
Koffee Koder • 3mo ago
@MDev the error message changed from 526 to 520
MDev • 3mo ago
browser caches though sometimes play a huge role, try with hard refresh CTRL + SHIFT + R
Koffee Koder • 3mo ago
@MDev I did purge everything
MDev • 3mo ago
cool, also purge browser with hard refresh 😄 Any hints within your origin error logs?
MDev • 3mo ago
Matteo Duò
Kinsta®
How to Fix Cloudflare's "Error 520: Web Server Is Returning an Unkn...
The 520 error has to do with an error with your server that causes Cloudflare to not connect. Check out how to troubleshoot it and fix it once and for all.
Koffee Koder • 3mo ago
How do I find the error logs
MDev • 3mo ago
depends on your origin server / software really. But if you pause cloudflare, does your site work as expected? One of the first steps in the article
Koffee Koder • 3mo ago
Haven't tried pausing, bit nervous about that. I'll check the article
MDev • 3mo ago
feel free to do so, if you're nervous just pause for the testing period, all should be near instant 😉 re-enable when confirming tests
Koffee Koder • 3mo ago
ok cool thanks for the help!
MDev • 3mo ago
do a continuous ping test to see the IP change. When the IP has changed, close and re-open the browser to make sure testing is "fresh", not cached. Try to make note of the certificate presented by your origin in the test! If it's a green lock / a valid certificate? Could be a green lock / valid even if invalid but trusted by your machine..
Koffee Koder • 3mo ago
@MDev when I pause cloudflare the site returns as "your connection is not private"
MDev • 3mo ago
i see, yes. The certificate is invalid. What SSL certificate is set up on the origin server? Feel free to re-enable cloudflare / unpause until you've fixed it. Test as you need to on the go ;p If only encryption between cloudflare and your origin server is important, you could set up a cloudflare signed certificate on your webhost 😉 SSL/TLS > Origin Server > Generate certificate, copy-paste priv key + pub cert on your origin SSL settings. You could go further and even firewall your webserver so only cloudflare IP ranges have access to it. Or yet further and take advantage of Authenticated origin pulls, requires an additional intermediate certificate to be also installed on origin 🙂
Koffee Koder • 3mo ago
@MDev it's just a file that says download listed under that tab
MDev • 3mo ago
which is?
Koffee Koder • 3mo ago
it takes me to an Origin Certificate Installation page, PEM key and some coding
MDev • 3mo ago
yes you need both priv and pub key, private is only visible once during generation, save it somewhere safe
Koffee Koder • 3mo ago
do I paste it somewhere on cloudflare?
MDev • 3mo ago
you paste it on your origin webserver 🙂 in the SSL setting, private goes in private and pub in public 😉
Koffee Koder • 3mo ago
ok those must be under Paid subscriptions. I do not see that option for our free account.
MDev • 3mo ago
Hmm, the certificate you obtained from cloudflare needs to be installed on your webhost, not cloudflare. Which is your webserver software to administer? Cpanel, directadmin, something similar?
Koffee Koder • 3mo ago
I am totally green. I do not know what that is. We have our hosting with cloudflare
MDev • 3mo ago
oooh O.o Nvm all that, sorry :p A bit shot in the dark now hah. Identify DNS, the records you're experiencing ssl issues on 😮 The hosting of those records, is it pages, stream, images or R2?
Koffee Koder • 3mo ago
I see the DNS option on my Dashboard. There are several lines there, some say proxy and others say dns
MDev • 3mo ago
yes, the FQDN (incl. maybe a subdomain part) which points to an IP or object, A or CNAME, what is the hosting behind that? The url you experience ssl issues on, find that record
Koffee Koder • 3mo ago
I see "type" A as a proxy with an IP address. And 7 rows of CNAME
MDev • 3mo ago
nice, that IP should be a cloudflare IP then? Sorry i'm unfamiliar with CF hosting!
Koffee Koder • 3mo ago
Np I appreciate the help
MDev • 3mo ago
do an IP Whois lookup, confirm cloudflare or not
Koffee Koder • 3mo ago
Whois lookup says... godaddy
MDev • 3mo ago
i see 😮 does it ring a bell, godaddy?
Koffee Koder • 3mo ago
Registrar WHOIS Server: whois.godaddy.com. Is this the problem? The site has been up for weeks and just went down a couple days ago. So I need to transfer to cloudflare?
MDev • 3mo ago
I could bet yes 😮 But you know of godaddy for your domain name registration and webhosting? No not at all, but it is an option 😉
Koffee Koder • 3mo ago
We were trying to have everything under cloudflare
MDev • 3mo ago
I understand 😉 But the A record of your domain with SSL issues pointing to a godaddy IP means the hosting resides with godaddy still. Not necessarily bad. My guess is the SSL has expired there and since DNS is now cloudflare managed, godaddy could not renew it automatically. Yet if godaddy is the hosting of your website still, it will need a valid certificate 😉
Koffee Koder • 3mo ago
So should I copy the cert on the origin server on cloudflare onto godaddy?
MDev • 3mo ago
yes, the cert you generated on cloudflare, default 12 year, valid for SSL between your origin (godaddy) and cloudflare. Install it on godaddy in your hosting settings, SSL somewhere 🙂
Koffee Koder • 3mo ago
cool I will give that a go. thanks again
MDev • 3mo ago
Np mate, if it starts working by good luck, feel free to set ssl back to full (Strict), that should work in my experience with CF certs on the origin 🙂 The reason flexible or even off won't work either is because your origin web project hosted on godaddy still enforces HTTPS, but i would not disable that for sure 😉 Just fix SSL instead 😄 I told you before but just to be clear, the cloudflare SSL cert will only be valid for encryption between godaddy and cloudflare. All visitors must be routed (DNS - proxied orange cloud) through cloudflare to your origin (godaddy), otherwise it will not work either 😉
Koffee Koder • 3mo ago
@MDev our site is back up and it was the hosting. thank you for all the help, i learned a lot.
MDev • 3mo ago
That's great to hear, welcome!