526 Invalid SSL Certificate

Fault: Server

TL;DR

A Cloudflare-specific code: in Full (strict) mode, the origin certificate is expired, self-signed, or otherwise untrusted.

Cloudflare could not validate the origin server's SSL certificate.

What HTTP 526 Invalid SSL Certificate Means

Cloudflare could not validate the origin server's SSL certificate.

A Cloudflare-specific code: in Full (strict) mode, the origin certificate is expired, self-signed, or otherwise untrusted.

Common Causes

Expired origin certificate
Self-signed or untrusted certificate in strict mode
Hostname mismatch on the certificate
Incomplete certificate chain

How to Fix It (For Visitors)

Contact the website owner

How to Fix It (For Developers/Admins)

Install a valid, trusted certificate (or a Cloudflare Origin CA cert)
Include the full chain and correct hostnames
Switch to Full (not strict) only as a temporary measure
Renew expired certificates

Returning a 526 Invalid SSL Certificate (Code Examples)

If you build APIs or web apps, here is how to send an HTTP 526 response and how to test for it:

Node.js (Express)

app.get('/resource', (req, res) => {
  res.status(526).json({ error: 'Invalid SSL Certificate' });
});

Python (Flask)

@app.route('/resource')
def resource():
    return jsonify(error='Invalid SSL Certificate'), 526

PHP

<?php
http_response_code(526);
header('Content-Type: application/json');
echo json_encode(['error' => 'Invalid SSL Certificate']);

Check the status with curl

curl -I https://example.com/resource
# Look for: HTTP/1.1 526 Invalid SSL Certificate

Frequently Asked Questions

What does HTTP 526 Invalid SSL Certificate mean?

A Cloudflare-specific code: in Full (strict) mode, the origin certificate is expired, self-signed, or otherwise untrusted. In short: Cloudflare could not validate the origin server's SSL certificate.

Is a 526 Invalid SSL Certificate error my fault or the website's?

526 is a 5xx server-error code, so the problem is on the server side, not your browser or device. As a visitor you can usually only retry; if you run the site, investigate the server.

How do I fix a 526 Invalid SSL Certificate error?

Install a valid, trusted certificate (or a Cloudflare Origin CA cert). Include the full chain and correct hostnames. Switch to Full (not strict) only as a temporary measure.

Official Specification

The 526 Invalid SSL Certificate status code is defined in Cloudflare (non-standard).

View the IANA HTTP Status Code Registry →