Cloudflare root certificate untrusted (again?)

Hi,
I accidentally removed my site (zeitra.net) from Cloudflare, but added it again right after.
Now it seems that I have the following problem again, as already written in a post of mine (My old issue).

Attached are a few screenshots.


SSL - Check


Check if Cloudflare is enabled


Cloudflare diagnostics

After not changing anything except adding my page again, I am wondering how this error is caused. I get this message when navigating to my website


Invalid certificate warning

There was already a problem with the free plan and the nameservers Amy and Kaiser in the past, could it go in this direction again?

Thanks in advance!

Open the certificate it’s presenting to you on that page and see which certificate in the chain it doesn’t trust.

Thank you for your quick reply.
I checked again today and found that it suddenly works, however according to the browser the certificate currently in use is a GTS CA 1P5 certificate - which as far as I understand is a backup certificate from Cloudflare that is deployed automatically. Is there any way I can get back to my “default” certificate here?

Backup certificate was the initial rollout iirc but DigiCert is being deprecated as a CA & GTS will be taking it’s spot as an available CA for Cloudflare certificates.

tl;dr not that I’m aware of, GTS is a fully valid certificate that may be issued for your site by Cloudflare.

Oh, i didn´t know that! Well, learned something new again!
Thank you very much for clearing things up!

Just received a notification about this:

On September 12th, 2022, Cloudflare will deprecate DigiCert as a Certificate Authority for Universal SSL certificate orders. This change will not affect existing Universal SSL certificates issued through DigiCert. It will only impact new certificate orders and renewals initiated after September 12th.

What changes will go into effect?
Universal SSL certificates that currently use DigiCert as the issuing CA will be renewed with a new certificate authority. Cloudflare will choose the issuing CA and will use Let’s Encrypt or Google Trust Services to issue Universal certificates after September 12th.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.