Cloudflare origin certifcate - ERR_CERT_AUTHORITY_INVALID

Security
#1

Hello, i’m struggling with setting Cloudflare origin certificate on my domain (https://dziopak.pl). I successfully created certificate, pasted it to my cpanel (with private key and RSA root of course), but all browsers show me this message:

NET::ERR_CERT_AUTHORITY_INVALID

Here is my DNS config:

image
image1024×402 22.1 KB

I’m hosting my website on Hostinger.

If anyone could help me with that i would be more than just greatful :slight_smile:

Thanks in advance

#2

The cert looks OK to me. You may have had a local DNS cache.

There are two problems visible in your DNS records. The ftp entry is :orange:, but needs to be :grey:, as Cloudflare does not proxy the ftp protocol. You also have two SPF TXT records, which causes both of them to be ignored. Also, as all the relevant records are proxied, you should set the “Always Use HTTPS” option on the Cloudflare dashboard.

1 Like
#3

image
image1078×438 24.2 KB

Is that correct now? I also get this notification now:

image
image1060×145 8.97 KB

#4

I suspect your SPF record should have been the merge of the two records, something like this (I have not tested that this record is valid, so don’t use without doing your own testing):

v=spf1 include:eu.mailgun.org include:spf.flockmail.com include:spf.mx.hostinger.com include:relay.mailchannels.net ~all

The warning you are getting is unavoidable as long as you are running your origin web server and ftp server on the same IP address. Your options include accepting that anybody can find out your origin IP address and directly attack it, use a less obvious name than ‘ftp’, don’t use a DNS entry at all and just use the IP address, or get a different IP address from your hosting provider to run FTP on.

#5

OK, fixed that. But coming back to SSL, i was messing a little bit with Edge and Client certificates too (i know, i don’t have much knowledge in this area so i shouldn’t touch it ;D), maybe that is the reason of my issue? I generated both client and edge certificates, which are still active, although i have only my Origin Certificate in cpanel.

#6

OK, nevermind, i’ll just order SSL from Hostinger :slight_smile:
Anyway, thanks for help, especially for showing me my DNS issues.

#7

This topic was automatically closed after 30 days. New replies are no longer allowed.