Cloudflare cert ERR_CERT_AUTHORITY_INVALID

When I try to access my page via HTTPS: https://www.mrdjaphoto.com, I get an error ERR_CERT_AUTHORITY_INVALID

Universal SSL Status Active Certificate

https://www.sslshopper.com/ssl-checker.html#hostname=https://www.mrdjaphoto.com

Everything seems OK, still my webpage is not secured.

Any ideas of why this is?

The certificate works for me, though you seem to have mixed content. However that is a different issue from an invalid CA.

Make sure you are not using any outdated DNS records.

You mean that you can access the page without this error?

Precisely.

Still experiencing the same error. Can you point me to how to resolve this and the DNS issue? Thank you!

And here is the DNS list.

A admin points to 160.153.131.219 Automatic
A mail points to 160.153.131.219 Automatic
A mrdjaphoto.com points to 160.153.131.219 Automatic
CNAME autodiscover is an alias of autodiscover.outlook.com Automatic
CNAME cpanel is an alias of mrdjaphoto.com Automatic
CNAME email is an alias of email.secureserver.net Automatic
CNAME lyncdiscover is an alias of webdir.online.lync.com Automatic
CNAME msoid is an alias of clientconfig.microsoftonline-p.net Automatic
CNAME sip is an alias of sipdir.online.lync.com Automatic
CNAME webdisk.admin is an alias of mrdjaphoto.com Automatic
CNAME webdisk is an alias of mrdjaphoto.com Automatic
CNAME whm is an alias of mrdjaphoto.com Automatic
CNAME www.admin is an alias of mrdjaphoto.com Automatic
CNAME www is an alias of mrdjaphoto.com Automatic
MX mrdjaphoto.com mail handled by mrdjaphoto-com.mail.protection.outlook.com 0 Automatic
SRV _sip._tls.mrdjaphoto.com. SRV 100 1 443 sipdir.online.lync.com. Automatic
SRV _sipfederationtls._tcp.mrdjaphoto.com. SRV 100 1 5061 sipfed.online.lync.com. Automatic
TXT mrdjaphoto.com google-site-verification=D0n7Qw4JNQbaTMMOKHbSfZUif-o1atcXTTr_ClGozqs Automatic
TXT mrdjaphoto.com NETORGFT4342720.onmicrosoft.com Automatic
TXT mrdjaphoto.com v=spf1 include:spf.protection.outlook.com -all Automatic

That is not the error you mentioned but another one, most likely the mixed content I referred to earlier.


You should be able to click on the ! icon and find out some details. In Google Chrome, click on the small shield you’ll see on the right side of the address bar; there is a script that is not loading over https. That is the mixed content issue @sandro pointed out. I do not see the invalid CA you posted about originally.

After some testing, I can confirm that I have a problem with SSL when I access my website over home wifi but when I connect over the mobile internet it works fine.


Can you post the output of https://www.mrdjaphoto.com/cdn-cgi/trace from both connections?

Over WiFi
fl=120f1
h=www.mrdjaphoto.com
ip=178.148.94.240
ts=1542410321.166
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
colo=BEG
spdy=h2
http=h2
loc=RS
tls=TLSv1.3
sni=plaintext

Over Mobile
fl=120f4
h=www.mrdjaphoto.com
ip=212.200.65.92
ts=1542410409.119
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
colo=BEG
spdy=h2
http=h2
loc=RS
tls=TLSv1.3
sni=plaintext

Alright, hang on though, what is the exact issue? The error you mentioned or the mixed content issue I referred to?

Chrome browser gets an error: ERR_CERT_AUTHORITY_INVALID

That's once again different from the screenshot you posted.

Anyhow, you are using the same PoP for both connections, so it shouldn't be a certificate issue. Considering it listed the same user agent, I’d also assume you tested it from the same device, hence we should be able to rule that out as well.

One other explanation I might have is that the connection is actually “hijacked” over your WiFi connection, but for that we’d need to have a screenshot of the certificate it presents to you. Opening a support ticket might possibly be the best course of action.

Here it is. Now I connected my phone to WiFi and it's the same thing.

At this point I’d really look into which certificate it tries to hand you. That might very well be a local issue with your WiFi connection. Can you check that?

How can I do that?

Did you install a Cloudflare Origin certificate on your server? That seems to be what you get when you request it on the Wifi connection.

However, that contradicts the trace output earlier and, thinking of it, you should have got that error for that URL as well. I am afraid something doesn't add up here.


Done that.
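
One way to check which certificate each network hands you, as an added example that is not part of the original thread: run it once on WiFi and once on mobile for the same hostname, then compare the two records. The function names `probe` and `compare` and the two sample records are constructed for illustration.

```python
import hashlib, json, socket, ssl, sys

def probe(host, port=443, timeout=5.0):
    """Record what this network path presents for host: leaf fingerprint and trust result."""
    # Pass 1: verification off, only to capture the leaf certificate bytes (DER).
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    seen = {"sha256": hashlib.sha256(der).hexdigest(), "trusted": True,
            "error": None, "issuer": None}
    # Pass 2: default verification against the system trust store.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                seen["issuer"] = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    except ssl.SSLCertVerificationError as exc:
        seen["trusted"], seen["error"] = False, exc.verify_message
    return seen

def compare(a, b):
    """Interpret two probe() records taken for the same host on different networks."""
    if a["sha256"] == b["sha256"]:
        return "same certificate on both paths"
    if a["trusted"] and b["trusted"]:
        return "different certificates, both trusted"
    return "different certificates, at least one untrusted"

# Constructed sample records (not real measurements), shaped like probe() output.
SAMPLE_MOBILE = {"sha256": "aa" * 32, "trusted": True, "error": None,
                 "issuer": {"commonName": "constructed public CA"}}
SAMPLE_WIFI = {"sha256": "bb" * 32, "trusted": False,
               "error": "unable to get local issuer certificate", "issuer": None}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # run once per network, then compare the saved output
        print(json.dumps(probe(sys.argv[1]), indent=2))
    else:                   # no hostname given: interpret the constructed samples
        print(compare(SAMPLE_MOBILE, SAMPLE_WIFI))
```

A differing fingerprint together with a verification error on only one network means that network is being served a different certificate than the one that validates elsewhere, which is the situation the replies above were trying to confirm from a screenshot.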