Https certificate errors

Hello,

I just signed up with Cloudflare and I am evaluating the free feature at the moment.
I have followed the process in the initial wizard to add my website and have changed the name servers on godaddy.com (where my website is hosted).

I have also installed the “Cloudflare Flexible SSL” v1.3.0 by “One Dollar Plugin” on wordpress.
The Universal SSL Status on cloudflare under “crypto” menu is “Active Certificate”.

My website over “http” is working fine but I when I use “https” from “any” device and “any” browser, I get Certificate Errors as below:

Chrome [Version 73.0.3683.86 (Official Build) (64-bit)] shows:
-----------------------------------
Your connection is not private
Attackers might be trying to steal your information from ........ (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
-----------------------------------

Firefox [v66.0.2 (64-bit)]:
-----------------------------------
Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to ……..If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
-----------------------------------------------

Microsoft Edge :
-----------------------------------
This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.


Go to your Start page
Details 
Your PC doesn’t trust this website’s security certificate.
Error Code: DLG_FLAGS_INVALID_CA
-----------------------------------------

Using Chrome Browser from my Android v9.0 mobile also shows:
---------------------------------------------------
Your connection is not private
Attackers might be trying to steal your information from ….....(for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
-----------------------------------------------

Anyone faced this issue ?

Thanks in advance.

First you need to know how Flexible works. In a few words: The connection between your visitor and Cloudflare is encrypted. Cloudflare redirects the traffic to Port 80 on your server. So this part is unencrypted

I suspect that there’s something wrong with your DNS Setup and this warning comes straight from your origin which presents a self signed certificate.

The community doesn’t have access to your account data. Would you mind telling us the domain? We can have a deeper look into it then

1 Like

Thanks for your reply Mark - I know how Flexible works.
I already updated the name servers on godaddy as requested by cloudflare.

I wasn’t sure about the “self-signed certificate” though, so thought should check the certificate contents. However, upon opening the website now, it is opening fine and the certificate is issued by cloudflare. May be it needed some time even after the certificate says “Active” under the crypto menu ? anyhow the issue seems resolved now.

Thanks for taking the time in responding.

This topic was automatically closed after 30 days. New replies are no longer allowed.