Cloudflare SSL/TLS

I have setup Cloudflare SSL/TLS on my website hosted on namecheap but I get the ‘NET::ERR_CERT_AUTHORITY_INVALID’ when visiting the site on chrome. All other browers don’t like the certificate either. What may be causing this?

What I have done / checked

  • All DNS records have been proxied (orange logo) and I have added records for www.

  • Certificate added to cpanel: (CRT), Private Key (KEY) and Certificate Authority Bundle: (CABUNDLE)

  • SSL/TLS encryption mode is Full (strict)

On Namecheap SSL checker, it says that it’s all good to go, but I’m so unsure why I still have errors.https://decoder.link/sslchecker/stablepass.com/443

It looks like you just had turned on proxy for it. It loads fine for me now, but for the first few loads it was serving me Cloudflare’s Origin Certificate, which is only trusted by the Cloudflare Proxy, so you need proxy on for it to work. If it’s still not working for you, it’s probably DNS Cache.

3 Likes

Thanks for your responce.

Very strange as I haven’t changed any settings after posting this. I will attempt to purge DNS cache, waiting a bit and see.

On my side I still get the error.

Yea, that’s your origin’s cert (i.e you’re still connecting to it directly instead of through Cloudflare), instead of the Let’s Encrypt Universal Cert Cloudflare issued, and is serving, for your site. If you’re using your ISP’s DNS Resolver, some of them ignore Cache TTLs and will cache items for way longer. The proxied DNS Record is definitely propagated: DNS Checker - DNS Check Propagation Tool, so it should still just be local dns cache, or your ISP Resolver.

You could try switching your DNS Resolver to 1.1.1.1 Set up 1.1.1.1 on macOS · Cloudflare 1.1.1.1 docs and clearing local cache (which depends on your operating system)

It wasn’t that you changed it after, but likely that you tried visting your site before you proxied it (or if you switched DNS to Cloudflare from some other DNS, you could have that result from old DNS still cached)

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.