ERR_CERT_AUTHORITY_INVALID with Argo Tunnel

Help, I’m a novice with SSL.

Problem with SSL Origin Certificate. The site is proxied through Cloudflare, using Argo Tunnel to a local ‘development’ WordPress site. (Argo Tunnel may be a red herring.)

Setup is Full (strict), and Proxy is turned on. (Have also tried just Full)

I checked the certificate, and it is the origin certificate provisioned in Apache.
Various SSL checkers give it a clean bill of health.

What to look at next?

Your connection is not private

Attackers might be trying to steal your information from blog.ramshacklum.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate
Issuer: CloudFlare, Inc.
Expires on: Oct 18, 2036
Current date: Oct 22, 2021
PEM encoded chain:

I’m seeing a 502 Bad Gateway error, which is somewhat a relief because I don’t know how you’d end up with an origin cert showing up on a Cloudflare Tunnel hostname. Maybe your local DNS points to the wrong place.

The 502/504 errors are caused by a problem connecting to an upstream server, meaning your server is trying to initiate a process and this fails to work as expected or times out. In most cases of 502/504 errors, back-end servers are not communicating correctly. When this happens, you will see a color page with Cloudflare branding and the Error 502 Bad Gateway or Error 504 Gateway Timeout. Review this Community Tip for fixing 502 or 504 gateway errors.

Had just restarted the server a couple of minutes ago, hence the other error.

If I ignore the SSL error, when the site is up, then I get the right content, but the security is wrong.

Go figure…now it’s working.

I still don’t know why you’d ever see an origin cert. Are you sure your browser isn’t directly hitting an origin server? It’s sure behaving like it’s not going through Cloudflare proxy.

I guess it’s possible that it’s hitting the origin server directly.

I did try on my phone and tablet, and they were doing the same, but now they seem to be working OK.

Will try tracing whether the browser is hitting the server directly. Thanks


Now I’m getting this. I suppose you’re still ironing out the kinks.
