Skip to content
5xx · Server Error

526 Invalid SSL Certificate

A Cloudflare error meaning the origin's SSL certificate could not be validated.

What it means

HTTP 526 is a non-standard Cloudflare status returned when Cloudflare cannot validate the SSL certificate presented by the origin server while using a strict SSL mode. The handshake itself may proceed, but the certificate fails validation — it is expired, self-signed, or untrusted — so Cloudflare refuses the connection.

When it happens

It happens under Cloudflare's Full (Strict) SSL mode when the origin serves an expired, self-signed, or otherwise untrusted certificate, or one whose hostname does not match.

How to fix it

  • Install a valid certificate from a trusted authority on the origin, or use a Cloudflare Origin CA certificate.
  • Renew an expired origin certificate.
  • If a self-signed certificate is intentional, switch Cloudflare to Full instead of Full (Strict).
  • Make sure the certificate's hostname matches the origin it is serving.

SEO impact

Damaging if sustained. While the certificate fails validation, crawlers receive a server error and the page stays out of the index until the origin certificate is fixed.

Check it with Sitewell

Find out which of your URLs return 526

Paste a list of URLs and Sitewell checks the status code of every one at once — free and without signup.

Bulk HTTP status checker →

Related codes

500 Internal Server Error

A generic error meaning the server encountered an unexpected condition.

501 Not Implemented

The server does not support the functionality required to fulfil the request.

502 Bad Gateway

A server acting as a gateway received an invalid response from the upstream server.

503 Service Unavailable

The server is temporarily unable to handle the request, often due to overload or maintenance.

504 Gateway Timeout

A gateway server did not receive a timely response from the upstream server.

505 HTTP Version Not Supported

The server does not support the HTTP protocol version used in the request.

Related guides

HTTP status codes explained: a practical primer for SEOs

A plain-English primer on HTTP status codes for SEOs: what the 2xx, 3xx, 4xx, and 5xx families mean, which ones affect rankings, and the codes worth knowing.

How to find and fix broken links

A practical walkthrough for finding broken links on your site, working out why each one breaks, and fixing them so visitors and crawlers stop hitting dead ends.

← All HTTP status codes