Community Tip - Fixing NET::ERR_CERT_AUTHORITY_INVALID

CommunityTip
dash-crypto
#1

Error
Try the suggestions in this Community Tip to help you fix NET::ERR_CERT_AUTHORITY_INVALID when visiting a site running Cloudflare.

Background
The error NET::ERR_CERT_AUTHORITY_INVALID while visiting a site running Cloudflare indicates that the certificate authority that issued the site's SSL certificate is not valid or that the site is using a self-signed certificate. When this happens, Chrome will display the error NET::ERR_CERT_AUTHORITY_INVALID.

Quick Fix Ideas

  1. Contact the site owner and have them get a valid certificate from a trusted certificate authority.

  2. If you are the site owner and you have a valid certificate, check the settings of your DNS tab. An :orange: cloud means your web traffic is running through Cloudflare, making your site faster, safer, and smarter. A :grey: cloud means your web traffic is not running through Cloudflare. Enable Cloudflare for the www subdomain and the main zone example.com to use the Cloudflare SSL Certificate.

  3. If you do not have a valid certificate you can use a Cloudflare Origin CA certificate. These are free certificates you can generate on Cloudflare to install on your origin server and will allow you to run Full (Strict).

  4. Alternatively, you can switch the SSL setting on your Crypto tab to ‘Full’ or ‘Flexible’ SSL. Note that this means Cloudflare does not validate against the certificate being served from your origin web server and is inherently less secure than Full (Strict).

  5. You are going directly to your IP https://123.123.123.123/. What this means is that requests are going directly to your IP and won’t be going through Cloudflare. If you visit your domain https://example.com/ and see a valid certificate, it is because your domain is going through Cloudflare. A Cloudflare Origin CA certificate is only trusted by Cloudflare and therefore should only be used by origin servers that are actively connected to Cloudflare. If at any point you pause or disable Cloudflare, your Origin CA certificate will throw an untrusted certificate error.

  6. Should you need a certificate which covers multi-level sub-domains, you can purchase a Dedicated SSL Certificate with Custom Hostnames, where you can declare any multi-level subdomains during purchase.

  7. There is a redirect loop occurring on your origin server which may break the SSL chain. Test this by bypassing Cloudflare and making a request directly against your origin server. The preferred recommendation to correct the HTTPS redirects is using the Cloudflare “Always Use HTTPS” function on the Crypto tab of your Cloudflare dashboard. Alternatively, this can be done through a Page Rule.

  8. Wait 24 hours; it may just be a timing issue that will resolve itself. Wait 24 hours and try again.

Lite Reading

Background Resources
Knowledge Base
YouTube

Research The Issue
Community
Google

If You Need More Help
This community of other Cloudflare users may be able to assist you. If not, log in to Cloudflare and then contact Cloudflare Support. When you contact support, make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, a screenshot of the error, steps to reproduce the error, and HAR file(s). Please indicate which of the Quick Fix Ideas you’ve tried in order to help Customer Support help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments like: “What are the three things to always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review past tips, click here.


2 Likes
Community Tip - All Published Tips
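
The comparison behind Quick Fix Ideas 2 and 5 (what the proxied hostname presents versus what the origin IP presents) can be scripted. This is an added example, not part of the original tip and not Cloudflare code; the function names `probe` and `diagnose` are hypothetical, and the numeric verify codes are OpenSSL's.

```python
import socket
import ssl

# OpenSSL verify codes that mean "issuer not trusted" (values from x509_vfy.h).
UNTRUSTED_ISSUER = {
    18: "self-signed certificate",
    19: "self-signed certificate in chain",
    20: "issuer not in the local trust store",
    21: "unable to verify the leaf signature",
}

def probe(address, hostname, port=443, timeout=5):
    """Handshake with `address`, sending `hostname` as SNI and validating
    against the system trust store. Returns (trusted, verify_code).
    Network errors (OSError) are left to propagate to the caller."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return True, 0
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_code

def diagnose(edge, origin):
    """Map two probe results (hostname as resolved by DNS, and the origin IP)
    to the matching Quick Fix Idea. Returns (idea_number_or_None, text)."""
    edge_ok, edge_code = edge
    origin_ok, origin_code = origin
    if not edge_ok and edge_code in UNTRUSTED_ISSUER:
        return 2, ("Hostname serves an untrusted chain (%s): the DNS record is "
                   "probably not proxied, so clients see the origin certificate."
                   % UNTRUSTED_ISSUER[edge_code])
    if not edge_ok:
        return None, "Verification failed with code %d: not an issuer problem." % edge_code
    if not origin_ok and origin_code in UNTRUSTED_ISSUER:
        return 5, ("Hostname is trusted, origin IP is not (%s): expected with an "
                   "Origin CA or self-signed certificate; use the hostname."
                   % UNTRUSTED_ISSUER[origin_code])
    return None, "Hostname is trusted; no issuer problem found."

if __name__ == "__main__":
    # Constructed probe results: trusted via the hostname, code 20 at the origin IP.
    print(diagnose((True, 0), (False, 20)))
```

On a live site, pass `probe("example.com", "example.com")` as `edge` and `probe("<origin IP>", "example.com")` as `origin`.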
#2

A propagation issue can result in this error (missing)

1 Like
closed #3

This topic was automatically closed after 30 days. New replies are no longer allowed.