Was the site working with SSL prior to adding it to Cloudflare?
No
What is the current SSL/TLS setting?
Flexible
What are the steps to reproduce the issue?
Hi all, I set up Cloudflare SSL on a GoDaddy WordPress site yesterday and it is working only intermittently. Sometimes the site loads with SSL and other times I get the NET::ERR_CERT_AUTHORITY_INVALID (Your connection isn’t private) error. Not sure what else to do. I’ve installed and configured the Really Simple SSL and Cloudflare plug-ins in WordPress. I’ve checked the certificate in various checkers and the certificate is fine. There are no mixed-content problems. It’s been almost 24 hours since setup. Anyone else have this problem?
If it happens again for you, take a look at the details of the SSL certificate in the browser for the error which will tell you where it is coming from.
Change this to “Full (strict)” otherwise the connection between Cloudflare and your origin is not encrypted. If that gives any problems, ensure the SSL certificate on your origin server is trusted and valid.
Thanks for the Cloudflare setup check. Lots of good info there. All seems okay there, right?
I enabled FULL in Cloudflare but the origin server doesn’t have a certificate other than self-signed, so I’m not sure how much use FULL is right now.
The certificate I receive when I get the NET::ERR_CERT_AUTHORITY_INVALID error is the self-signed one. It’s a highly annoying problem. DNS checkers show the records have fully propagated, so I think I can rule DNS out as the cause.
Get a certificate from Let’s Encrypt or use a Cloudflare origin certificate, and use “Full (strict)”. Anything else is insecure.
Then for some reason you are getting the IP address of your origin server instead of the Cloudflare IP addresses for your site. Try on another network or another machine to work out what is resolving wrongly.
This is helpful, thanks. I think it’s a problem with DNS resolving on my local setup. I installed the Cloudflare origin certificate on GoDaddy cPanel and now I’m getting the Origin certificate instead of the self-signed one, so it does seem like it’s a resolution problem. Can you check the site and see if you are getting the padlock?
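Added example, not part of the thread: a small Python check for the situation diagnosed above, where a client intermittently resolves the site to the origin server instead of Cloudflare and so receives the origin's certificate. The range list is a snapshot of Cloudflare's published IPv4 ranges (the current list is at https://www.cloudflare.com/ips/), and `diagnose`, `is_cloudflare` and `resolve_v4` are names chosen for this example.

```python
import ipaddress
import socket
import sys

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be out of
# date; refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare(ip):
    """True if the IPv4 address falls inside one of the listed ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def diagnose(ips):
    """Classify a set of A-record answers for a proxied hostname.

    Returns (verdict, addresses_outside_cloudflare). "mixed" or "origin-only"
    means this resolver hands out a non-Cloudflare address, so the browser can
    reach the origin directly and see its certificate.
    """
    unique = set(ips)
    direct = sorted(ip for ip in unique if not is_cloudflare(ip))
    if not unique:
        return "no-answer", []
    if not direct:
        return "proxied", []
    if len(direct) == len(unique):
        return "origin-only", direct
    return "mixed", direct

def resolve_v4(host):
    """A records as seen by this machine's configured resolver (IPv4 only)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # example.com is a placeholder; pass the real hostname as the argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    answers = resolve_v4(host)
    verdict, direct = diagnose(answers)
    print(f"{host}: {answers} -> {verdict}")
    if direct:
        print("Not Cloudflare (check local DNS cache, hosts file, stale records):", direct)
```

Running it several times, and from a second network, shows whether the non-Cloudflare answer is specific to one resolver or machine.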