New to the community? Start here

Invalid ssl 526

SSL error? DNS through cloudflare, CNAME is correct. SSL – full strict. The DNS page in my hosting says it is not correct? Screen shots available of cloudflare settings on request.

Wed, 6 Mar 2019 9:56:39
  • Adam
    • Support Gorilla

    Hello Rich

    I hope you’re well today and thank you for your question!

    This error means that CloudFlare wasn’t able to verify the SSL certificate on your server. The “Full (strict)” setting at CloudFlare end requires a valid SSL certificate to be installed also on your server – for your site.

    The point here is that with CloudFlare SSL all the traffic from end-user to the CloudFlare and back is SSL secured but then there’s also the route from CloudFlare to your server and back. If you got “Full (strict)” mode set in “CloudFlare” this means that CloudFlare will require SSL connection to your server and will attempt to verify your certificate validity. If it is not able to (because the certificate is expired, is not valid for your site or e.g. doesn’t exist) it will cause an issue.

    That being said:

    – if you are using only CF certificate and don’t have any other SSL certificate installed directly on your server for your domain, please set SSL mode in CloudFlare to “Flexible” and that should sove the issue

    – if you are using CF certificate but also have additionally an SSL cert installed on your site for your domain, make sure that it’s valid for your domain and is not expired; also, if it’s a self-signed certificate you’ll want to change SSL mode in CF from “full (strict)” to “Full SSL” or “Flexible”.

    Let me know if it worked for you, please.

    Kind regards,

    Adam

  • Rich
    • eevee

    Hi Adam

    Thanks for your reply. The site is hosted through Wpmudev hosting and I am pretty certain that all settings are correct. There is no means to change the certificate if it’s expired.

    It states the dns is not correct and the ssl is valid.

    The dns is correct with a cname. The ssl isn’t.

  • Adam
    • Support Gorilla

    Hi Rich

    Thanks for response and additional explanation. I didn’t notice initially that the site is hosted with us. I’m sorry, I should have!

    A little “trick” will be necessary in this case but should do the job just fine. First please go to CloudFlare and switch SSL to “Flexible” (or if it won’t work this way switch it off entirely). Then please go to WPMU DEV Host to your site and click the button to re-check DNS for your domain.

    You’d want to give it a moment to let the certificate re-generate, just like you were freshly adding the domain. Both “lights” should go green – DNS and SSL status. Then, once this is done, get back to CloudFlare and set it back as it was “Full (strict)”.

    it should be working fine after this. Give it a go, please, and let me know if it helped.

    Best regards,

    Adam