Error 526 happens when Cloudflare is unable to successfully validate the SSL certificate on the origin web server and the SSL setting in the Cloudflare Crypto app is set to Full SSL (Strict) for the website.
The server administrator should review the origin's SSL certificates to ensure they meet the following validation requirements:
- The certificate hasn't expired.
- The certificate isn't revoked.
- The certificate is signed by a certificate authority (such as GlobalSign, Verisign, GeoTrust, Comodo, etc) and is not a self-signed SSL certificate.
- The requested domain name (hostname) is in the certificate's Common Name or Subject Alternative Name configuration. If you added a CNAME record for the hostname on Cloudflare, the Common Name or SAN may also match the CNAME target.
If the origin server is configured to use a self-signed certificate and you'd like to have Cloudflare connect using SSL, configure the domain to use Full SSL instead of Full SSL (Strict).