Cloudflare origin certifcate - ERR_CERT_AUTHORITY_INVALID

Hello, i’m struggling with setting Cloudflare origin certificate on my domain ( I successfully created certificate, pasted it to my cpanel (with private key and RSA root of course), but all browsers show me this message:


Here is my DNS config:

I’m hosting my website on Hostinger.

If anyone could help me with that i would be more than just greatful :slight_smile:

Thanks in advance

The cert looks OK to me. You may have had a local DNS cache.

There are two problems visible in your DNS records. The ftp entry is :orange:, but needs to be :grey:, as Cloudflare does not proxy the ftp protocol. You also have two SPF TXT records, which causes both of them to be ignored. Also, as all the relevant records are proxied, you should set the “Always Use HTTPS” option on the Cloudflare dashboard.

1 Like

Is that correct now? I also get this notification now:

I suspect your SPF record should have been the merge of the two records, something like this (I have not tested that this record is valid, so don’t use without doing your own testing):

v=spf1 ~all

The warning you are getting is unavoidable as long as you are running your origin web server and ftp server on the same IP address. Your options include accepting that anybody can find out your origin IP address and directly attack it, use a less obvious name than ‘ftp’, don’t use a DNS entry at all and just use the IP address, or get a different IP address from your hosting provider to run FTP on.

OK, fixed that. But coming back to SSL, i was messing a little bit with Edge and Client certificates too (i know, i don’t have much knowledge in this area so i shouldn’t touch it ;D), maybe that is the reason of my issue? I generated both client and edge certificates, which are still active, although i have only my Origin Certificate in cpanel.

OK, nevermind, i’ll just order SSL from Hostinger :slight_smile:
Anyway, thanks for help, especially for showing me my DNS issues.

This topic was automatically closed after 30 days. New replies are no longer allowed.