Full strict ssl is not working

We have installed Full (strict) SSL on our server, but it is not working.

Full (strict)- Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server

How exactly is it not working? Do you get a specific error? Screenshots would be helpful. What’s the URL you get the issue on?

If you’re using Cloudflare’s Origin Certs, make sure the DNS Record is Proxied (orange cloud).
You can also try disabling the proxy (setting the record to DNS-only), waiting for the DNS cache to expire, and ensuring your server is properly serving the certificate. If you’re using a publicly trusted certificate from Let’s Encrypt or elsewhere, it should work and show as secure unproxied; otherwise you have an origin configuration issue.

It is showing "origin certificate not trusted" for the certificate provided by Cloudflare.

What is showing that? What is the domain name? What hostname in that domain are you trying to access? Is that name set to :orange: in your Cloudflare DNS?

Temporarily I deleted it, as it is not working on www.fasak.com.

The things I have done are:
1. We installed the certificate for 15 years, which was generated on the Origin Server Cloudflare page.
2. We have set Full (strict).
3. We have turned on the proxy in DNS.

We are able to see the Cloudflare certificate for 15 years, but it is showing not secure, so we went and checked with an SSL check.

It showed the message below; https is not showing and it is showing not secure, so we deleted the complete setup.

image.png

That looks like the problem that @epic.network mentioned in his last post:

You need to make sure the records for your website are set to proxied, not DNS-Only.


It will show that when you connect directly to a site using a Cloudflare Origin CA certificate. They are not public certificates. Those certificates are only for use with :orange: proxied hostnames. They secure the connection between your server and Cloudflare. The connection between the Cloudflare proxy and visitors is then secured with a public certificate deployed by Cloudflare Universal SSL (or other advanced options when required).
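
The behaviour described in the reply above can be reproduced offline. This is an added example, not from the thread or from Cloudflare: a certificate issued by a private root fails a public-trust check but verifies once that root is supplied, which is the check to run on the origin's certificate using Cloudflare's published Origin CA root. The CA, the leaf and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. The CA and leaf created here are constructed stand-ins,
# not Cloudflare's real Origin CA; function names are hypothetical.

# Save the leaf certificate a server presents. Aim it at the origin IP
# (bypassing the proxy) while sending the site's hostname via SNI.
fetch_cert() {  # usage: fetch_cert <origin-ip> <hostname> <out.pem>
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$3"
}

# Print "trusted" or "untrusted" for a certificate file. Without a root
# argument only the system's public trust store is consulted; with one,
# the chain may also end at that root.
trust_verdict() {  # usage: trust_verdict <cert.pem> [root.pem]
  local out
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
  else
    out=$(openssl verify "$1" 2>&1) || true
  fi
  case "$out" in *": OK"*) echo trusted ;; *) echo untrusted ;; esac
}

# Build a constructed private root and a leaf signed by it.
make_demo_certs() {  # usage: make_demo_certs <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/O=Constructed Origin CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

demo() {
  local d
  d=$(mktemp -d) && make_demo_certs "$d" || return 1
  echo "public trust store only: $(trust_verdict "$d/leaf.pem")"
  echo "issuing root supplied:   $(trust_verdict "$d/leaf.pem" "$d/root.pem")"
  rm -rf "$d"
}

demo
```

For a real check, save the origin's certificate with `fetch_cert` and pass Cloudflare's Origin CA root PEM as the second argument to `trust_verdict`; a `trusted` result there, with the record proxied, is what Full (strict) needs.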

Yesterday we also tried the Cloudflare Origin CA certificate again; we generated it for 15 years and put it on the DigitalOcean server.

But when we check the certificate, we see Cloudflare Universal SSL, which is what we normally see (only Cloudflare), but not the original certificate with 15 years' validity, even with :orange: proxied hostnames.

So we reverted the changes again.

We do not know how to find a solution to fix this.

At this point you may want to hire a consultant who is familiar with deploying Cloudflare Origin CA certificates. We cannot tell you anything that we haven’t already told you. If you are not understanding the directions, there is little else we can offer you.
