FIX: Invalid SSL certificate Error code 526


Encountering an Invalid SSL certificate – Error code 526 while accessing your site can be frustrating. This error typically occurs when your website is using Cloudflare as a proxy, but there’s an issue with the SSL certificate on your origin server. Fortunately, fixing this issue is straightforward once you understand its causes and solutions.

Understanding Error Code 526

Error 526 is specific to Cloudflare and indicates that Cloudflare was unable to verify the SSL certificate installed on your origin server. This usually happens because of:

  • An expired SSL certificate on the origin server
  • A misconfigured SSL certificate
  • An untrusted certificate authority (CA)
  • Cloudflare’s SSL/TLS mode set to “Full (Strict)” while the origin server has an invalid or self-signed certificate

To ensure secure communication between Cloudflare and your server, Cloudflare must be able to trust your SSL certificate. If it deems the certificate invalid, it will prevent traffic from reaching your site.

How to Fix Error Code 526

Here are the steps to resolve this issue and restore secure access to your website.

1. Check Your SSL Certificate’s Validity

The first step is to verify whether your SSL certificate is valid and not expired. You can check this by visiting your site directly, bypassing Cloudflare:

  1. Change your local hosts file to resolve your domain to your server’s IP.
  2. Visit your site using https://yourdomain.com.
  3. Inspect the certificate details in your browser by clicking on the padlock icon.

If the certificate is expired, you’ll need to renew it through your SSL provider or generate a new one.

2. Ensure Your SSL Certificate Is Issued by a Trusted Authority

If Cloudflare rejects your certificate, it might be from an untrusted source. You should ensure that the certificate is issued by a globally trusted Certificate Authority (CA) such as:

  • Let’s Encrypt
  • DigiCert
  • GlobalSign
  • Comodo

Cloudflare will not accept self-signed certificates when in “Full (Strict)” SSL/TLS mode, so if you are using one, consider replacing it with a trusted certificate.
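Steps 1 and 2 can also be checked from a script instead of a browser. The following is an added example, not part of the original article: it connects straight to the origin IP, validates the certificate for the site's hostname, and maps a failure to the causes listed above. The IP address and hostname are placeholders, and it assumes the local system trust store, so a Cloudflare Origin CA certificate will be reported as untrusted here even though Cloudflare itself accepts it.

```python
import socket
import ssl
import time

# OpenSSL verify codes mapped to the causes this article lists.
CAUSES = {
    9: "certificate not yet valid (check dates and server clock)",
    10: "certificate expired",
    18: "self-signed certificate",
    19: "chain ends in a root the verifier does not trust",
    20: "untrusted CA or missing intermediate chain",
    21: "untrusted CA or missing intermediate chain",
    62: "certificate does not cover this hostname",
}

def explain(verify_code):
    """Translate an OpenSSL verify code into a likely Error 526 cause."""
    return CAUSES.get(verify_code, f"other verification failure (code {verify_code})")

def days_left(not_after, now=None):
    """Whole days until a getpeercert() notAfter string; negative if past."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def check_origin(origin_ip, hostname, port=443, timeout=5.0):
    """Handshake with the origin directly, validating as a strict client would."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            # SNI and hostname validation use the site name, not the IP.
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as err:
        return {"valid": False, "cause": explain(err.verify_code),
                "detail": err.verify_message}
    except OSError as err:  # refused, timed out, or not speaking TLS
        return {"valid": False, "cause": "could not complete TLS connection",
                "detail": str(err)}
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    return {"valid": True, "issuer": issuer.get("organizationName"),
            "days_left": days_left(cert["notAfter"])}

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address; substitute your origin's IP.
    print(check_origin("203.0.113.10", "yourdomain.com"))
```

A low `days_left` value on a valid result is the cue to renew before Cloudflare starts returning 526.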

3. Verify Cloudflare’s SSL/TLS Settings

Misconfigured SSL/TLS settings in Cloudflare are a common cause of Error 526. Follow these steps to check your settings:

  1. Log in to your Cloudflare dashboard.
  2. Navigate to the SSL/TLS section.
  3. Ensure that your SSL mode is correctly configured. If you’re using “Full (Strict),” make sure your origin server has a valid certificate.

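You can switch to “Full” instead of “Full (Strict)” if you cannot immediately secure a trusted certificate, but this is not a recommended long-term solution: “Full” encrypts the connection to the origin without validating its certificate, so Cloudflare cannot tell your server from an impostor.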

4. Reinstall or Replace the SSL Certificate

If your certificate is valid but still causes issues, consider reinstalling or replacing it:

  1. Download the certificate and chain files from your SSL provider.
  2. Install them on your server according to your web server’s documentation (Apache, Nginx, etc.).
  3. Restart your web server after installation.

Once done, test SSL verification using an online tool like SSL Labs’ SSL Test.

Preventing Future SSL Issues

To avoid encountering Error 526 in the future, follow these best practices:

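  • Use Cloudflare’s Origin CA Certificates to ensure a trusted connection between Cloudflare and your server. These are trusted by Cloudflare but not by browsers, so they only suit origins that are reached through Cloudflare.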
  • Regularly renew your SSL certificate before it expires.
  • Ensure your server configuration properly supports HTTPS and doesn’t have conflicting SSL settings.

Conclusion

Error code 526 can be a critical issue, preventing visitors from accessing your website securely. By understanding the causes and following the steps outlined above, you can quickly diagnose and resolve the problem. Ensuring your SSL certificate remains valid and correctly configured is key to maintaining a secure and trustworthy website experience.