526 Invalid SSL certificate

[ouuan]

https://cpeditor.org/ is returning 526 Invalid SSL certificate (between Cloudflare and the source host).

https://archive.is/G9KhZ

[coder3101]

Changed SSL/TLS mode to flexible

[ouuan]

But why does this error happen? Isn't it hosted on GitHub Pages? Is the GitHub Pages certificate expired?

[coder3101]

Cloudflare TLS/SSL mode was set to strict which requires that origin and cloudflare talks with TLS. Now, something happened on Github pages (origin server) and it no longer served valid certificates.

Now, I changed TLS/SSL to "flexible" which doesn't mandates TLS b/w origin and cloudflare.

[ouuan]

Yes, I know that. I'm wondering why GitHub Pages is not serving a valid certificate.

[ouuan]

What's the current DNS configuration?

ref: https://github.com/orgs/community/discussions/22398 https://github.com/orgs/community/discussions/23572

[coder3101]

It failed to provision/renew a certificate. If you check settings, you will find it says “it can take upto 24h to renew”.

It could be because DNS is proxied through Cloudflare so the github domain verification check failed and new certs could not be issued.

[ouuan]

I'm not familiar with GitHub Pages behind Cloudflare. Is this a good practice? I would like either plain Github Pages or Cloudflare Pages instead.

[coder3101]

Cloudflare provides DNS, free HTTPS (TLS) support, best-in-class performance settings (gzip, SDCH, HTTP/2, sane Cache-Control and E-Tag headers, etc.), minification, etc.

Serving a website behind a CDN is a well known practice.

[ouuan]

I think there must be something wrong if the certificate cannot be provisioned and strict TLS mode cannot be used. Maybe the configuration is incorrect?

I'm not sure but I doubt that using GitHub Pages behind Cloudflare could be outdated, since there is Cloudflare Pages now.

[coder3101]

I will try to use Cloudflare Pages. I’ll do it over the weekends and update this thread.