Cloudflare Origin CA certificate not trusted

hello my i installed a Cloudflare Origin CA certificate onto cyber panel and it shows it is installed correctly but it isnt showing “trusted in google chrome” it is still saying connection insecure.

also i have a lets encrypt certificate on. but when i remove that certificate than visit the website Cloudflare blocks me from visiting the website saying there is no ssl.

also the standard lets encrypt certificate shows that it isnt trusted either because it is self signed.

desired outcome is to have a trusted certificated from Cloudflare on the server.

thanks for any help! im lost.

That sounds like the correct behavior. A Cloudflare origin certificate isn’t issued by a Trusted certificate authority. Connecting to the origin server directly will result in that error. Connection to a proxied host by Cloudflare will not.

You f you don’t wish to proxy a host through Cloudflare you will need to get a certificate issued by a trusted CA directly from them.

what do you mean by this - Connection to a proxied host by Cloudflare will not. i do have my domain on cf and it is proxied.

Perhaps you are actually having a mixed content error rather than an issue with your certificate?

https://support.cloudflare.com/hc/en-us/articles/200170476-Troubleshooting-mixed-content-errors

i am already forcing https like it mentions.

i am wondering, should i have both cloudflares certificate and the “default certificate that the server gave me” or just remove the default

another thing i want to add is this is on a lightspeed server. in the documentation i did see mention of " apache and nigix (spelled that wrong) but does the set up of this matter for a lightspeed server?

like rsa vs ecc Private key type , or the Key Format

Ubuntu 20.04 / litespeed server

As @cscharff already wrote, you cannot use an Origin certificate with your browser but need that DNS entry proxied. If you say you do have it proxied, then you may have a propagation issue. Make sure that you do connect via the proxies.

Otherwise, what’s the domain?