Free SSL cert questions

Website, Application, Performance Security
1

I installed free ssl certificate on my website tomanzi.com.ng, wholesale.tomanzi.com.ng, warehouse.tomanzi.com.ng from cloudflare some days ago, and it was successful but the SSL/TLS Status is still having problems on my cpanel.

Please check the attachments :point_down::point_down::point_down::point_down:: for better understanding:

Please help solve these issues

20230608_171327
20230608_1713271836Ă—3264 247 KB

![20230608_171513|281x500]
(upload://43fYZT2jmCtcduU2IbPswhDosdX.jpeg)

2

Given from cPanel AutoSSL, or Cloudflare Origin CA certificate, or some other? :thinking:

If you’ve used and generated a Cloudflare Origin CA certificate, it would always show some alert in cPanel interface since it’s self-signed one which works only for HTTP(S) traffic while using Cloudflare proxy :orange: . Meaning, your e-mail related services wouldn’t function and work at all. cPanel wouldn’t be able to renew it neither. To get rid of cPanel AutoSSL notifications, uncheck it from renewing process.

Otherwise, stick to the cPanel AutoSSL, use Full SSL (not strict), and make sure to allow both HTTP and HTTPS traffic so cPanel AutoSSL can renew it. Nevertheless, allowing HTTP traffic IMHO isn’t the best practice nowadays.

I’d rather keep it secured & safe, including the Full SSL (Strict).

There are posts around some workaround(s) here about this topic too. Sharing below, hope it helps. In the meantime, feel free to write back.

From the shared screenshot above, you also have deep-subdomain issue like the www.wholesale.tomanzi.com.ng which can be fixed by using the Advanced Certificate Manager:

2 Likes
3

2 CHALLENGING SSL ISSUES:

  1. My domain and subdomain is showing not :no_entry_sign: secured :unlock::unlock::unlock: on Android but is secured :lock: on desktop. tomanzi.com.ng, wholesale.tomanzi.com.ng, warehouse.tomanzi.com.ng Please check attachments for better understanding :point_down::point_down::point_down::point_down::point_down::point_down:

  2. Domain SSL/TLS STATUS is showing this and I don’t understand :point_down::point_down:

The certificate has the For following errors: Certificate #2 (ST=California,L=San

Francisco,OU=Cloudflare Origin

SSL Certificate

Gene Authority,O=Cloudflare, Inc.,C=US) has 2 validation Current User errors:

tonSELF_SIGNED_CERT_IN_CHAIN, CERT_HAS_EXPIRED.

Please help me for solutions :pray::pray::pray::pray:

Screenshot_20230608-224307
Screenshot_20230608-2243071080Ă—1920 100 KB

)

5

Screenshot_20230608-224358
Screenshot_20230608-2243581080Ă—1920 103 KB

6

Screenshot_20230608-224246
Screenshot_20230608-2242461080Ă—1920 103 KB

7

The Untrusted notification is to be expected when you make a direct connection to a hostname that uses a Cloudflare Origin CA certificate. Cloudflare Origin CA certificates are not trusted by web browsers and are used to secure the connection between the origin server and the Cloudflare proxy. When you use a Cloudflare Origin CA certificate with a record that is :orange: Proxied, you will not see the Untrusted notification because Cloudflare trusts that certificate.

Set the :grey: to :orange: and it should fix that.

2 Likes
8

Mr epic.network, I have spent almost 5 days on cloudflare community, my problem not solved, I have message before and you replied:
Please do not open duplicate topics. It dilutes resources and makes it take longer for you and others to receive assistance.

Duplicate of Free SSL cert questions

Please :pray: how can I get my problem solved. I’m having 4 issues with my domain since I changed my namesavers to cloudflare, I have scroll almost all the topics but still can’t fix my problem please can you help solve my issues,

9

@tonyokolie51 have you followed the advice given in the most recent reply by @epic.network on your thread

10

Set the :grey: to :orange: and it should fix that. Please can you use examples where to do this because I don’t understand

11

And my domain on mobile :calling: showing not secured​:unlock:
But on desktop :desktop_computer: is secured​:lock:
Please how can I fix this

Screenshot_20230612-120405
Screenshot_20230612-1204051080Ă—2340 109 KB

12

Rather than replying on another thread @tonyokolie51, please continue the discussion here.

From what I can see the domain is proxied

$ dig tomanzi.com.ng
tomanzi.com.ng.		300	IN	A	172.67.203.95
tomanzi.com.ng.		300	IN	A	104.21.52.200

The site also loads with SSL for me on both mobile and desktop.

Have you tried accessing the site on a different device to rule out the possibility of an issue with the device you are using?

13

Thank you so much for this, you are good
It loads in another device.
So how will I fix this on my device?

14

Because I have clear all my cache like more than 30 times But still the same issues since 5 days now

15

@tonyokolie51, you should also make sure your encryption mode is Full Strict, otherwise none of the certificates will be validated and the site will still be insecure. As @fritex already wrote.

16

Yes I did that 2 days ago

17

This is outside of my scope of knowledge unfortunately.

20

This is my DNS records
Please help me check if there is mistake from here.

21

20230612_185545
20230612_1855451506Ă—3264 176 KB

24

They all appear correct.

25

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.