Cloudflare's Origin Certificates are not valid certificates

Why?

p.s. The hosting does not accept the certificate, swears: suspicion of using the Cloudflare certificate :slight_smile:

As the docs say, Origin Certs are only recognized by Cloudflare for sites proxied by Cloudflare.

The host might need the Root CA (Step 4) to verify the cert.
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

3 Likes

where can I install it on the hosting

in my installer on the hosting: KEY, CSR and CERTIFICATE

The certificate uploaded is NOT for the domain name (was seen) .

this hosting post, tried to install from step 4 the Cloudflare Origin RSA PEM certificate

I added the domain on which the self-signed certificate is installed, Cloudflare determined the Full mode itself, but half a day has passed and https shows me an unsecured connection with an invalid self-signed certificate - NET::ERR_CERT_AUTHORITY_INVALID

when will Cloudflare start?

all sorts of testers show that Cloudflare SSL is CORRECTLY installed on the domain and sait is available via HTTPS)))

1 Like

Full Strict will work with a self signed certificate?

no, of course he’s a self signed

I gave it myself on my PC for 100 years :slight_smile:

Full mode is for: Encrypts end-to-end, using a self signed certificate on the server

и при чём тут вопрос о сертификатах Cloudflare, ты спрятал мой вопрос от знатоков

I described everything

I INSTALLED A SELF-SIGNED certificate, I issued it to my domain myself

now I use it in FULL mode - Encrypts end-to-end, using a self signed certificate on the server

CF does not work

Works just fine for me. Perhaps you have a DNS caching issue.

1 Like

caching where?

On your DNS resolver, on your local machine? Unclear. Your host in DNS should resolve to 2 Cloudflare IPs.

;; ANSWER SECTION:
example.ml.	300	IN	A	104.21.59.95
example.ml.	300	IN	A	172.67.174.190

it feels good

1

Yes, works just fine for the rest of the world, but not for you… so your machine or local resolver likely has a DNS caching issue. Because the cert presented is Cloudflare’s edge cert which is signed by a vlid CA. That you receive an error with your self signed cert means you are not connecting to Cloudflare’s edge IPs.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.