You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
added this part:
If you are using self-signed SSL certificate at the origin server, use the following workaround to avoid an HTTP Error 526.
Add your self-signed SSL certificate to the Custom Origin Trust Store. This allows the Cloudflare edge to recognize your self-signed SSL certificate as valid.
In your Worker's configuration, enable the cots_on_external_fetch compatibility flag. This flag enables the use of the Custom Origin Trust Store when making external (grey-clouded) subrequests from a Cloudflare Worker.
Copy file name to clipboardExpand all lines: src/content/docs/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-526.mdx
+7-1Lines changed: 7 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -39,6 +39,12 @@ Workers subrequests to any hostname outside your Cloudflare zone that is not pro
39
39
40
40
As a result, a valid SSL certificate is required at the origin server.
41
41
42
+
If you are using self-signed SSL certificate at the origin server, use the following workaround to avoid an HTTP Error `526`.
43
+
44
+
1. Add your self-signed SSL certificate to the **[`Custom Origin Trust Store`](/ssl/origin-configuration/custom-origin-trust-store/)**. This allows the Cloudflare edge to recognize your self-signed SSL certificate as valid.
45
+
2. In your Worker's configuration, enable the **[`cots_on_external_fetch` compatibility flag](/workers/configuration/compatibility-flags/#do-not-use-the-custom-origin-trust-store-for-external-subrequests)**. This flag enables the use of the **[`Custom Origin Trust Store`](/ssl/origin-configuration/custom-origin-trust-store/)** when making external (grey-clouded) subrequests from a Cloudflare Worker.
46
+
47
+
42
48
### Resolution
43
49
44
50
:::note
@@ -56,4 +62,4 @@ Request your server administrator or hosting provider to review the origin web s
56
62
57
63
58
64
59
-
If the origin server uses a self-signed certificate, configure the domain to use _Full__SSL_ instead of _Full SSL (Strict)_. Refer to [recommended SSL settings for your origin](/ssl/origin-configuration/ssl-modes).
65
+
If the origin server uses a self-signed certificate, configure the domain to use _Full__SSL_ instead of _Full SSL (Strict)_. Refer to [recommended SSL settings for your origin](/ssl/origin-configuration/ssl-modes).
0 commit comments