When I try to access my page via HTTPS: https://www.mrdjaphoto.com, I get an error ERR_CERT_AUTHORITY_INVALID
Universal SSL Status Active Certificate
https://www.sslshopper.com/ssl-checker.html#hostname=https://www.mrdjaphoto.com
Everything seems ok still my webpage is not secured.
Any ideas of why this is?
The certificate works for me, though you seem to have mixed content. However that is a different issue from an invalid CA.
Make sure you are not using any outdated DNS records.
You mean that you can access the page without this error?
Precisely.
Still experiencing the same error. Can you point me to how to resolve this and DNS issue? Thank you!
And here is the DNS list.
| A | admin | points to 160.153.131.219 | Automatic | Delete | |
|---|---|---|---|---|---|
| A | points to 160.153.131.219 | Automatic | Delete | ||
| A | mrdjaphoto.com | points to 160.153.131.219 | Automatic | Delete | |
| CNAME | autodiscover | is an alias of autodiscover.outlook.com | Automatic | Delete | |
| CNAME | cpanel | is an alias of mrdjaphoto.com | Automatic | Delete | |
| CNAME | is an alias of email.secureserver.net | Automatic | Delete | ||
| CNAME | lyncdiscover | is an alias of webdir.online.lync.com | Automatic | Delete | |
| CNAME | msoid | is an alias of clientconfig.microsoftonline-p.net | Automatic | Delete | |
| CNAME | sip | is an alias of sipdir.online.lync.com | Automatic | Delete | |
| CNAME | webdisk.admin | is an alias of mrdjaphoto.com | Automatic | Delete | |
| CNAME | webdisk | is an alias of mrdjaphoto.com | Automatic | Delete | |
| CNAME | whm | is an alias of mrdjaphoto.com | Automatic | Delete | |
| CNAME | www.admin | is an alias of mrdjaphoto.com | Automatic | Delete | |
| CNAME | www | is an alias of mrdjaphoto.com | Automatic | Delete | |
| MX | mrdjaphoto.com | mail handled by mrdjaphoto-com.mail.protection.outlook.com0 | Automatic | Delete | |
| SRV | _sip._tls.mrdjaphoto.com. | SRV 100 1 443 sipdir.online.lync.com. | Automatic | Delete | |
| SRV | _sipfederationtls._tcp.mrdjaphoto.com. | SRV 100 1 5061 sipfed.online.lync.com. | Automatic | Delete | |
| TXT | mrdjaphoto.com | google-site-verification=D0n7Qw4JNQbaTMMOKHbSfZUif-o1atcXTTr_ClGozqs | Automatic | Delete | |
| TXT | mrdjaphoto.com | NETORGFT4342720.onmicrosoft.com | Automatic | Delete | |
| TXT | mrdjaphoto.com | v=spf1 include:spf.protection.outlook.com -all | Automatic |
That is not the error you mentioned but another one, most likely the mixed content I referred to earlier.
Your should be able to click on the ! icon and find out some details. In Google Chrome, click on the small shield you’ll see on the right side of the address bar, there is a script that is not loading over https, that is the mixed content issue @sandro pointed out. I do not see the invalid CA you posted about orginally.
After some testing, I can confirm that I have a problem with SSL when I access my website over home wifi but when I connect over the mobile internet it works fine.
Can you post the output of https://www.mrdjaphoto.com/cdn-cgi/trace from both connections?
Over WiFi
fl=120f1
h=www.mrdjaphoto.com
ip=178.148.94.240
ts=1542410321.166
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
colo=BEG
spdy=h2
http=h2
loc=RS
tls=TLSv1.3
sni=plaintext
Over Mobile
fl=120f4
h=www.mrdjaphoto.com
ip=212.200.65.92
ts=1542410409.119
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
colo=BEG
spdy=h2
http=h2
loc=RS
tls=TLSv1.3
sni=plaintext
Alright, hang on though, what is the exact issue? The error you mentioned or the mixed content issue I referred to?
Chrome browser gets an error: ERR_CERT_AUTHORITY_INVALID
Thats once again different from the screenshot you posted
Anyhow, you are using the same PoP for both connections, so it shouldnt be a certificate issue. Considering it listed the same user agent I’d also assume you tested it from the same device, hence we should be able to rule that out as well.
One other explanation I might have is that the connection is actually “hijacked” over your WiFi connection, but for that we’d need to have a screenshot of the certificate it presents to you. Opening a support ticket might possibly be the best course of action.
At this point I’d really look into which certificate it tries to hand you. That might very well be a local issue with your Wifi connection. Can you check that?
How can I do that?
Did you install a Cloudflare Origin certificate on your server? That seems to be what you get when you request it on the Wifi connection.
However that contradicts the trace output earlier and thinking of it, you should have got that error for that URL as well. I am afraid something doesnt add up here.
