HTTPS certificate not trusted

I have the problem as below when I try to use
pt.co.ke resolves to 192.185.129.4

Server Type: Apache

The certificate will expire in 5474 days.

The hostname is correctly listed in the certificate.

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. The fastest way to fix this problem is to contact your SSL provider.
Common name: Cloudflare Origin Certificate
SANs: *.pt.co.ke, pt.co.ke
Organization: Cloudflare, Inc.
Valid from August 7, 2017 to August 3, 2032
Serial Number: 2f8b4845244d890b8a76c4e2eb6856a080db5529
Signature Algorithm: sha256WithRSAEncryption
Issuer: Cloudflare, Inc.

Organization: Cloudflare, Inc.
Location: San Francisco, California, US
Valid from November 13, 2014 to November 13, 2019
Serial Number: 1146955871616924775 (0xfeace49d4c67c67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: Cloudflare, Inc.

1 Like

Please install this Cloudflare Origin Certificate Root CA in your web server:

https://support.cloudflare.com/hc/en-us/articles/218689638

Since you use RSA certs, please install the Cloudflare Origin CA — RSA Root

1 Like

Does this mean that I need 2 certificates, or do I just need what you have posted only?

A Cloudflare Origin Certificate is the equivalent of a Self-Signed certificate. It’s designed for servers sitting behind Cloudflare.

Why aren’t you using Let’s Encrypt, or some other generally accepted certificate?

1 Like

The error message told you to also install the intermediate/chain certificate. The link I gave you contains the chain certificate. You’ll need to install it alongside the certificate Cloudflare generated for you.

Once you install the certificate, please set SSL to Full (Strict) mode at Cloudflare Dashboard.

This is driving me crazy. I have tried all things but I still have an insecure HTTPS prompt. Below are the test results from the SSL test.

These results were cached from August 17, 2017, 2:52 am PST to conserve server resources.

pt.co.ke resolves to 104.27.163.180

Server Type: Cloudflare-nginx

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

The certificate was issued by Comodo.

The certificate will expire in 190 days.

The hostname (pt.co.ke) is correctly listed in the certificate.
Common name: sni97508.Cloudflaressl.com
SANs: sni97508.Cloudflaressl.com, *.bapituah01.tk, *.chen-akademie.de, *.collagenmask.ru, *.fira-hijabonline.cf, *.flyingeagle.tk, *.gravityresearchgroup.ga, *.helosaunas.ga, *.katabijakkita.com, *.learnitalianweb.com, *.media8entertainment.com, *.modomundo.com.br, *.motorschutzrelais.cricket, *.pt.co.ke, *.sacandbarrel.co.uk, *.srwatsonauthor.com, *.sx-pnxetu.ga, *.topsamloc.info, *.travelandwalk.com, *.tvoreativ.ru, *.unpaidovertimelawfirmga.xyz, *.xactdevelopments.com, *.zawodoweielektryczne.com.pl, bapituah01.tk, chen-akademie.de, collagenmask.ru, fira-hijabonline.cf, flyingeagle.tk, gravityresearchgroup.ga, helosaunas.ga, katabijakkita.com, learnitalianweb.com, media8entertainment.com, modomundo.com.br, motorschutzrelais.cricket, pt.co.ke, sacandbarrel.co.uk, srwatsonauthor.com, sx-pnxetu.ga, topsamloc.info, travelandwalk.com, tvoreativ.ru, unpaidovertimelawfirmga.xyz, xactdevelopments.com, zawodoweielektryczne.com.pl
Valid from August 16, 2017 to February 23, 2018
Serial Number: ea69dffeae34e1a729c4c191c88e1e98
Signature Algorithm: ecdsa-with-SHA256
Issuer: COMODO ECC Domain Validation Secure Server CA 2

Common name: COMODO ECC Domain Validation Secure Server CA 2

Organization: COMODO CA Limited
Location: Salford, Greater Manchester, GB
Valid from September 24, 2014 to September 24, 2029
Serial Number: 5b25ce6907c4265566d3390c99a954ad
Signature Algorithm: ecdsa-with-SHA384
Issuer: COMODO ECC Certification Authority

Common name: COMODO ECC Certification Authority

Organization: COMODO CA Limited
Location: Salford, Greater Manchester, GB
Valid from May 30, 2000 to May 30, 2020
Serial Number: 4352023ffaa8901f139fe3f4e5c1444e
Signature Algorithm: sha384WithRSAEncryption
Issuer: AddTrust External CA Root

I am able to load your site correctly without any warning. The test results you posted show no problem and SSLLabs.com also grades your site with an A. You shouldn’t get any HTTPS error on pt.co.ke.

Strange thing is that when I try to access the site using Chrome on my PC I get a NOT SECURE https://www.pt.co.ke/

Thank you very much. I had to wait for almost 24 hours on my end before the browser resolved the HTTPS. I can now confirm that the SSL has a green lock and no security prompts.

1 Like

Hi, my hosting company needs a private key to add the intermediate/chain certificate. How can I do that? The link that you shared with us leads to a website with only the cert code, without a private key to put in.

If you receive this error, it means you are not being protected by Cloudflare.

Cloudflare’s SSL only works when your website’s traffic goes through Cloudflare. The “Cloudflare Origin Certificate” is a certificate that is only trusted by Cloudflare, not by browsers.

To fix this:

  1. Go to the DNS tab in the Cloudflare dashboard
  2. Find either the “A” or “CNAME” record for the subdomain you have this issue on
    (if this issue occurs without a subdomain, find the A/CNAME DNS record where the “name” is your website, eg. example.com)
  3. Make sure the cloud icon on the right of that DNS entry is an orange cloud. Cloudflare’s SSL DOES NOT WORK if the cloud is grey. If the cloud icon is grey, click it to turn it orange.

Your website should now be going through Cloudflare and Cloudflare should be presenting a valid SSL certificate.

With this, you may get either a too_many_redirects error or another SSL error. To fix this, make sure your “SSL mode” in the SSL/TLS app is Full (strict). This is required when you install the “Cloudflare origin certificate” or another SSL certificate on your server. If this doesn’t fix it, see Community Tip - Fixing ERR TOO MANY REDIRECTS.

3 Likes
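
The trust split described in the replies above (an Origin Certificate chains to a private root, so a browser's default trust store rejects it while a verifier that holds that root accepts it), reproduced offline as an added example that is not part of the original thread. The private CA, the host name `origin.example.test` and every file are constructed stand-ins generated locally, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: every key, certificate and name below is generated locally
# as a stand-in; nothing here contacts Cloudflare or any real server.

origin_cert_trust_demo() (
  d=$(mktemp -d) || exit 1

  # 1. Private root CA, playing the role of the Origin CA root.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Private Origin CA/CN=Example Origin Root" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || exit 1

  # 2. Key and CSR for the origin web server (hypothetical host name).
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=origin.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || exit 1

  # 3. The private root signs the origin certificate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null || exit 1

  # 4. A browser's view: only the default public trust store is available,
  #    so no path to a trusted root can be built.
  if openssl verify "$d/leaf.pem" >/dev/null 2>&1; then
    public=trusted
  else
    public=untrusted
  fi

  # 5. The view of a verifier that has been given the private root
  #    (a model of what a strict origin check does, not Cloudflare's code).
  if openssl verify -CAfile "$d/ca.pem" "$d/leaf.pem" >/dev/null 2>&1; then
    edge=trusted
  else
    edge=untrusted
  fi

  rm -rf "$d"
  echo "public=$public edge=$edge"
)

origin_cert_trust_demo
```

On a real server the same check is `openssl verify -CAfile` pointed at the downloaded Origin CA root, followed by the path to the installed origin certificate.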