I have created the Origin CA certificate in Cloudflare and installed it in cPanel.
I have Universal SSL active in Full (strict) mode on valentinvica.com. It shows as “Unknown Certificate Type” in SSL/TLS Status.
Everything seems to work as expected, however in cPanel’s General Information I see No Valid Certificate for the domain and the error SELF_SIGNED_CERT_IN_CHAIN.
I couldn’t find any info on this type of error. Did something go wrong or can this notification be safely ignored?
A Cloudflare Origin Certificate is only valid to Cloudflare when proxying. It is not considered publicly valid which is why you see that warning message. As long as you are using Cloudflare on the domain where you have the origin certificate, it should all be fine and is nothing to worry about.
The issue here does not seem to be a browser warning, but rather that cPanel cant validate the certificate. I am not quite sure why it complains about a self-signed certificate in the chain, as there eventually always is a self-signed certificate in the chain, but it could simply be because it expects a certificate which is signed by a publicly recognised authority, which origin certificates are not.
@valentinvica, what you could try is to import the root certificate from https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates#h_30cc332c-8f6e-42d8-9c59-6c1f06650639, however considering it does refer to a self-signed certificate I’d assume it already has got that certificate somehow. If that is the case, you really dont need to worry.
In this case I would assume my description could be spot on and the system complains because it doesnt recognise the certificate chain as publicly trusted.
One approach that could work - if you want to get rid of that warning - is to add the root certificate to either the overall system CA store or to the one used by cPanel. In that case it might just recognise it as publicly trusted as well.
This topic was automatically closed after 30 days. New replies are no longer allowed.