cPanel shows No Valid Certificate for installed Cloudflare Origin CA

valentinvica · August 17, 2019, 9:14am

I have created the Origin CA certificate in Cloudflare and installed it in cPanel.

I have Universal SSL active in Full (strict) mode on valentinvica.com. It shows as “Unknown Certificate Type” in SSL/TLS Status.

Everything seems to work as expected, however in cPanel’s General Information I see No Valid Certificate for the domain and the error SELF_SIGNED_CERT_IN_CHAIN.

I couldn’t find any info on this type of error. Did something go wrong or can this notification be safely ignored?

domjh · August 17, 2019, 10:18am

Hi @valentinvica,

A Cloudflare Origin Certificate is only valid to Cloudflare when proxying. It is not considered publicly valid which is why you see that warning message. As long as you are using Cloudflare on the domain where you have the origin certificate, it should all be fine and is nothing to worry about.

sandro · August 17, 2019, 11:31am

The issue here does not seem to be a browser warning, but rather that cPanel cant validate the certificate. I am not quite sure why it complains about a self-signed certificate in the chain, as there eventually always is a self-signed certificate in the chain, but it could simply be because it expects a certificate which is signed by a publicly recognised authority, which origin certificates are not.

@valentinvica, what you could try is to import the root certificate from https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates#h_30cc332c-8f6e-42d8-9c59-6c1f06650639, however considering it does refer to a self-signed certificate I’d assume it already has got that certificate somehow. If that is the case, you really dont need to worry.

sandro · August 17, 2019, 6:52pm

In this case I would assume my description could be spot on and the system complains because it doesnt recognise the certificate chain as publicly trusted.

One approach that could work - if you want to get rid of that warning - is to add the root certificate to either the overall system CA store or to the one used by cPanel. In that case it might just recognise it as publicly trusted as well.

system · September 16, 2019, 9:15am

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
I got this Security	2	908	July 27, 2023
Origin Certificate on cPanel server works for https but not for Mail Security	3	2027	February 16, 2021
Invalid Origin SSL Certificate, but its Valid Security	1	1971	March 1, 2022
Self signed SSL Security	4	2620	December 15, 2021
SSL certificate ERROR, cert has expired Security	2	1550	April 7, 2023

cPanel shows No Valid Certificate for installed Cloudflare Origin CA

Related topics