Cloudflare's Origin Certificates are not valid certificates

Why?

p.s. The hosting does not accept the certificate, swears: suspicion of using the Cloudflare certificate :slight_smile:

As the docs say, Origin Certs are only recognized by Cloudflare for sites proxied by Cloudflare.

The host might need the Root CA (Step 4) to verify the cert.
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

3 Likes

where can I install it on the hosting

in my installer on the hosting: KEY, CSR and CERTIFICATE

The certificate uploaded is NOT for the domain name (was seen) .

this hosting post, tried to install from step 4 the Cloudflare Origin RSA PEM certificate

I added the domain on which the self-signed certificate is installed, Cloudflare determined the Full mode itself, but half a day has passed and https shows me an unsecured connection with an invalid self-signed certificate - NET::ERR_CERT_AUTHORITY_INVALID

when will Cloudflare start?

all sorts of testers show that Cloudflare SSL is CORRECTLY installed on the domain and sait is available via HTTPS)))

1 Like

Full Strict will work with a self signed certificate?

no, of course he’s a self signed

I gave it myself on my PC for 100 years :slight_smile:

Full mode is for: Encrypts end-to-end, using a self signed certificate on the server

и при чём тут вопрос о сертификатах Cloudflare, ты спрятал мой вопрос от знатоков

I described everything

I INSTALLED A SELF-SIGNED certificate, I issued it to my domain myself

now I use it in FULL mode - Encrypts end-to-end, using a self signed certificate on the server

CF does not work

Works just fine for me. Perhaps you have a DNS caching issue.

1 Like

caching where?

On your DNS resolver, on your local machine? Unclear. Your host in DNS should resolve to 2 Cloudflare IPs.

;; ANSWER SECTION:
example.ml.	300	IN	A	104.21.59.95
example.ml.	300	IN	A	172.67.174.190

it feels good

1

Yes, works just fine for the rest of the world, but not for you… so your machine or local resolver likely has a DNS caching issue. Because the cert presented is Cloudflare’s edge cert which is signed by a vlid CA. That you receive an error with your self signed cert means you are not connecting to Cloudflare’s edge IPs.