That sounds like the correct behavior. A Cloudflare origin certificate isn’t issued by a Trusted certificate authority. Connecting to the origin server directly will result in that error. Connection to a proxied host by Cloudflare will not.
You f you don’t wish to proxy a host through Cloudflare you will need to get a certificate issued by a trusted CA directly from them.
another thing i want to add is this is on a lightspeed server. in the documentation i did see mention of " apache and nigix (spelled that wrong) but does the set up of this matter for a lightspeed server?
like rsa vs ecc Private key type , or the Key Format