How to Fix Error 526 Invalid SSL Certificate

Are you getting frequent errors (526 SSL)? Are you looking for the answer to how to fix Error 526: invalid SSL certificate for your website?

If your website uses the CDN feature of Cloudflare, there is a high chance that you have come across Error 526 at least once. But do you know the reasons for this error and how to fix it? We are going to explain the same in this tutorial.

What is Error 526?

When Cloudflare cannot verify the SSL/TLS certificate of the server, error 526 is generated by Cloudflare. This typically occurs when using Cloudflare’s Full SSL (strict) mode.

Two SSL/TLS certificates must be properly set up for Cloudflare to function effectively. One of the certificates is on your server, while the other is on the server of Cloudflare.

Why am I seeing error 526 invalid SSL certificate?

When someone visits your website, the Cloudflare server hosts the browser. On the other side, your server’s certificate helps to secure data sent between it and Cloudflare and aids in data encryption.

When rigours full-mode SSL is used, Cloudflare enables the security of transmitted data between the server and Cloudflare using the Cloudflare domain. Therefore, a 526 error will appear if a secure connection is not established.

fix error 526 invalid ssl certificate

Avoid confusion about the server’s origin and the one provided by Cloudflare! We’ll be frank with you and say that the browser displays the first certificate the user may see when the page initially loads. Data between the server and Cloudflare was exchanged. The onus of protecting those data transfers falls to the origin server.

We spoke about the rigorous mode at the outset, didn’t we? Between the validation and the rigors mode in action. Overall, the main two reasons are:

  • Cloudflare’s validation of an SSL/TLS certificate is unsuccessful.
  • You will receive Cloudflare error 526 if the secure connection breaks down while handling the data exchange.

How to fix error 526 invalid SSL certificate Bug

Overall, the Full (strict) mode is the cause of 526. You must switch the SSL mode for a specific domain from Full (strict) mode to Full. Check to see whether the problem is still present. This might fix error 526 invalid SSL certificate.

The web server’s SSL certificate would be to blame if the problem continued. Several items that need to be measured right away are listed below:

  • Verify the certificate’s expiration date. It ought to keep a valid expiration date.
  • Verify the certificate’s validity.
  • It is necessary for the certificate to be correctly signed by Comodo, GEO Trust, Verisign, and GlobalSign. It shouldn’t sign using the self-signed SSL certificate.
  • The alternative subject name or common name in the certificate should contain the hostname and domain name.
  • It should accept the connection to the origin web server using the SSL 443 port connection.

In order for you to double-check the SSL verification using the website https://www.sslshopper.com, Cloudflare must briefly suspend. If you see issue 526 once again, try installing the SSL certificate correctly. You can only solve this issue by doing what you’re doing right now. I believe you have the answer now.

Your Cloudflare account might be on Full (strict) function mode, which is mostly to blame for the 526 error. Simply choose the “FULL” option to replace the “FULL (strict)” one to fix the problem for the domain that is experiencing this error.

If the preceding change does not resolve the issue, your server’s SSL certificate is possibly at fault. You might want to see whether it has run out.

If the certificate has run out, you may renew it and make sure it is installed correctly to allow for the correction of this mistake. This will fix error 526, an invalid SSL certificate.


In conclusion, the SSL certificate problem between your site and Cloudflare’s server is the only cause of the 526 Cloudflare errors. You can contact us to resolve any server-related problems.

Verify that the SSL certificate is not self-issued, that it is not expired, that it is not revoked, and that it is signed by a certificate authority like GlobalSign, Verisign, GeoTrust, Comodo, etc. Alternatives include using a free Cloudflare Origin certificate.

Also Check Out: How do I Fix the Headers already sent warning in WordPress?

Show More


Hi, My name is Kartik. I have expertise in Technical and Social Domains. I love to write articles that could benefit people and the community.

Leave a Reply

Back to top button