526 Invalid SSL Certificate β
Meaning β
A Cloudflare-specific status indicating that the origin server presented an SSL/TLS certificate that Cloudflare considered invalid (e.g., self-signed, expired, or otherwise untrusted).
When to Use β
When the proxy can connect over TLS but the certificate validation fails. Cloudflare uses this to signal to the user that the handshake was made but the certificate from the origin is not acceptable (no trusted CA, CN mismatch, etc.).
Example β
If a websiteβs origin has an expired SSL certificate, Cloudflare may return 526 Invalid SSL Certificate to the end-user, essentially saying it cannot establish a trusted secure connection to the origin due to certificate issues.
When Not to Use β
Do not use on a typical server directly to clients. A normal client connecting to a server with an invalid cert will not receive an HTTP 526; instead, the TLS connection would fail entirely. 526 is a byproduct of Cloudflareβs attempt to connect on behalf of the user.
Source β
Unofficial (Cloudflare)