Cloudflare issued certificate with full proxy shows not secured

My website which was working fine with SSL all of a sudden suddenly stopped working. It displayed NET::ERR_CERT_AUTHORITY_INVALID when the website loads. Please let me know if there is a fix.

What is the website?

i just refreshed now and it looks like the issuer changed to Google Trust Services and no longer cloudflare.

update: It only works when proxy is enabled. I used to be able to SSL with DNS only. Any reason why this suddenly stopped? If it is enabled, it says that it is certified by google, if not then it says that it is cloudflare certified by invalid cert authority.

Cloudflare uses Google Trust Services and other for edge certificates, so seeing a Google certificate is expected.

When the proxy is disabled, requests go direct to your server which seems you have set up with a Cloudflare origin certificate. That certificate should only be used with the proxy as it is only trusted by Cloudflare.

It seems your edge certificate was updated earlier today so maybe you caught your site during the changeover (which should be seemless, but maybe there was a short issue). It seems to be all ok now.

2 Likes

how do you think I can go back to just DNS only but with the same cloudflare certificate?

Your site works ok at the moment. Is there a reason why you don’t want the proxy/Google certificate?

If you want to use “DNS only”, you’ll need to use another certificate as the Cloudflare origin certificate requires use of the proxy as mentioned. Also no Cloudflare protections or features can be applied to traffic for your site if you do this.

1 Like

I have had issues before with the proxied connection and I just want flexibility. Before this change, I have had cloudflare SSL without the proxy. Should I upgrade my plan and get support from their team?

That’s not possible. The Cloudflare origin server certificate isn’t trusted by browsers, only by Cloudflare.

You either need to use the proxy, or get an SSL certificate from LetsEncrypt or another CA to use on your origin server.

Well I had this set up as a cloudflare SSL with full HTTPS support without proxy. It was all working well until I integrated hubspot into the mix. I reverted it and thus I lost the capability.

Huspot uses Cloudflare so when you set to “DNS only” requests pass through their Cloudflare pipeline, not yours.

When I checked earlier you were getting a Cloudflare origin certificate, are you using Hubspot now or have you changed to another host (as the proxy is working on your site right now).

Your site appears to be working. I’m wondering if by “Cloudflare SSL” you mean you were seeing a Cloudflare-branded Digicert certificate before. If so, those are no longer available so you should expect a Google, LetsEncrypt or Sectigo certificate on your site when proxied.

1 Like

So when i had it on dns only, I still had HTTPS but a cloud. My certificate indicated novelwonderland.com but it was issued by cloudflare. I am unable to activate it again as a DNS only and am forced to just have the proxy on which is not ideal.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.