Free SSL cert questions

Free SSL cert questions

Given from cPanel AutoSSL, or Cloudflare Origin CA certificate, or some other? :thinking:

If you’ve used and generated a Cloudflare Origin CA certificate, it would always show some alert in cPanel interface since it’s self-signed one which works only for HTTP(S) traffic while using Cloudflare proxy :orange: . Meaning, your e-mail related services wouldn’t function and work at all. cPanel wouldn’t be able to renew it neither. To get rid of cPanel AutoSSL notifications, uncheck it from renewing process.

Otherwise, stick to the cPanel AutoSSL, use Full SSL (not strict), and make sure to allow both HTTP and HTTPS traffic so cPanel AutoSSL can renew it. Nevertheless, allowing HTTP traffic IMHO isn’t the best practice nowadays.

I’d rather keep it secured & safe, including the Full SSL (Strict).

There are posts around some workaround(s) here about this topic too. Sharing below, hope it helps. In the meantime, feel free to write back.

From the shared screenshot above, you also have deep-subdomain issue like the www.wholesale.tomanzi.com.ng which can be fixed by using the Advanced Certificate Manager:

2 Likes

The Untrusted notification is to be expected when you make a direct connection to a hostname that uses a Cloudflare Origin CA certificate. Cloudflare Origin CA certificates are not trusted by web browsers and are used to secure the connection between the origin server and the Cloudflare proxy. When you use a Cloudflare Origin CA certificate with a record that is :orange: Proxied, you will not see the Untrusted notification because Cloudflare trusts that certificate.

Set the :grey: to :orange: and it should fix that.

2 Likes

@tonyokolie51 have you followed the advice given in the most recent reply by @epic.network on your thread

Rather than replying on another thread @tonyokolie51, please continue the discussion here.

From what I can see the domain is proxied

$ dig tomanzi.com.ng
tomanzi.com.ng.		300	IN	A	172.67.203.95
tomanzi.com.ng.		300	IN	A	104.21.52.200

The site also loads with SSL for me on both mobile and desktop.

Have you tried accessing the site on a different device to rule out the possibility of an issue with the device you are using?

@tonyokolie51, you should also make sure your encryption mode is Full Strict, otherwise none of the certificates will be validated and the site will still be insecure. As @fritex already wrote.

This is outside of my scope of knowledge unfortunately.

this on my device

They all appear correct.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.