526 | 5xx Server Error | Critical

HTTP 526 Invalid SSL Certificate

Defined in Cloudflare

What Does HTTP 526 Mean?

Cloudflare could not validate the SSL certificate on the origin server. This status applies when the Cloudflare SSL mode is set to 'Full (Strict)'.

Common Causes

  1. Origin SSL certificate expired
  2. Origin certificate not signed by trusted CA
  3. Certificate common name doesn't match hostname
  4. Self-signed certificate with Full (Strict) mode
  5. Certificate chain incomplete

Impact

  • Website unavailable via HTTPS
  • Cloudflare error page displayed

Developer Fix

For web developers and application engineers

  1. Install a valid, trusted SSL certificate on origin
  2. Use Cloudflare Origin CA certificate
  3. Ensure certificate covers the correct domain names

Server Admin Fix

For system administrators and DevOps engineers

  1. Renew expired SSL certificate on origin
  2. Install complete certificate chain
  3. Use Cloudflare Origin CA for free valid certificates
  4. Verify certificate matches the domain in Cloudflare DNS

Frequently Asked Questions

What's the difference between 525 and 526?
525 means the SSL handshake failed entirely (connection-level issue). 526 means the handshake succeeded but the certificate is invalid (expired, self-signed, wrong domain) when using Full (Strict) mode.

How do I fix a 526 error?
Install a valid SSL certificate on your origin. The easiest solution is to use Cloudflare's free Origin CA certificate, which is trusted by Cloudflare and lasts up to 15 years.
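
To find which of the causes above applies, the origin can be checked directly, bypassing the proxy. The following is an added example, not Cloudflare's own validation logic: it approximates the check with Python's `ssl` module and the system trust store, and separates a failed handshake (the 525 case) from an invalid certificate (the 526 case). The function names, the address `203.0.113.10` and the hostname `www.example.com` are constructed placeholders. An Origin CA certificate is trusted by Cloudflare rather than by the system store, so pass its root as `extra_ca_file` (assumed to be downloaded separately) or it will be reported as untrusted.

```python
import socket
import ssl

# OpenSSL X509 verify codes mapped to the causes listed on this page.
CAUSES = {
    10: "expired: origin certificate has expired",
    18: "self-signed: origin presents a self-signed certificate",
    19: "untrusted-ca: chain ends in a root that is not trusted",
    20: "incomplete-chain-or-untrusted-ca: issuer certificate not found",
    21: "incomplete-chain: intermediate certificate(s) not sent",
    62: "hostname-mismatch: certificate names do not cover the hostname",
}


def classify(verify_code, verify_message=""):
    """Map an OpenSSL verify code to one of the page's 526 causes."""
    return CAUSES.get(verify_code, f"other ({verify_code}): {verify_message}")


def probe_origin(origin_addr, hostname, port=443, extra_ca_file=None, timeout=5.0):
    """Handshake with the origin directly and validate its certificate
    for `hostname`. Returns (ok, detail)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    if extra_ca_file:
        # Assumption: path to an extra trust anchor, e.g. the Origin CA root.
        ctx.load_verify_locations(cafile=extra_ca_file)
    try:
        with socket.create_connection((origin_addr, port), timeout=timeout) as raw:
            # SNI and name check use the public hostname, not the origin address.
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return True, f"valid until {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        # Certificate was presented but rejected: the 526 case.
        return False, classify(exc.verify_code, exc.verify_message)
    except ssl.SSLError as exc:
        # TLS could not be negotiated at all: the 525 case.
        return False, f"handshake-failed (525-style, not 526): {exc}"
    except OSError as exc:
        return False, f"connect-failed: {exc}"


if __name__ == "__main__":
    # Constructed placeholders: documentation-range address and example hostname.
    print(probe_origin("203.0.113.10", "www.example.com"))
```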

About the Author

Web Infrastructure Team

Verified against official RFC specifications and real-world server configurations. HTTP status code behavior confirmed across Apache, Nginx, and Cloudflare.