I don't know how to create CA Bundle/Intermediate certificate

I don’t know how to create CA Bundle/Intermediate certificate.

I tried above page.
but it is now working.

I want to use subdomain for postaffiliatepro.

Where are you trying to put this certificate? This is the guide I use:

thanks for reply.
I want to put postaffiliatepro server.
I already put root certificate.
it is ok.

postaffiliatepro request me to put also Intermediate certificate.
I don’t know how to create Intermediate certificate.

the following is their message.

Unfortunately, you´ve sent the main certificate for your subdomain affiliate.plusqo.ai and not the CA Bundle/Intermediate certificate. Previously you´ve sent a wildcard certificate for *.plusqo.ai.

It does not matter which of these 2 would be applied, but we need the proper CA Bundle/Intermediate certificate generated for your main certificate. Please, contact your SSL issuer - Cloudflare in order to get the proper bundle or intermediate cert. We´ve tried these certificates again (https://support.cloudflare.com/hc/en-us/articles/203041594-Cloudflare-SSL-cipher-browser-and-protocol-support#h_051f7bfe-6a15-4e1f-8a8c-3a7b877d7d77), but with no success.

current I set CNAME like this
CNAME affiliate.plusqo.ai plusqoai.postaffiliatepro.com DNSonly

but I can not open https://affiliatepro.plusqo.ai

if somebody can help me, please help me.

Other than Cloudflare Origin CA certificates, and their Root CA certificate, that’s all Cloudflare can help with regarding certificates.

Where did you get the certificate you tried adding to postaffiliatepro?

I created in this.

my subdomain is current status.

I need to prepare bundle or intermediate cert for resolve this issue.

I don’t know this detail much.

Try one of the root certificates from my original response.

I try it

they reply…

it looks like you used Free Cloudflare self signed certificate. Am I right?

I am worried that it cannot be used for this purpose, since you are using it outside the Cloudflare. That’s essentially a Cloudlfare self-signed certificate that’s only recognized by Cloudflare’s proxy servers when they connect to your site.

It is mentioned at the end of the article you shared.

Origin CA certificates only encrypt traffic between Cloudflare and your origin web server and are not trusted by client browsers when directly accessing your origin website outside of Cloudflare. For subdomains that utilize Origin CA certificates, pausing or disabling Cloudflare causes untrusted certificate errors for site visitors.

Since your subdomain isn’t going through Cloudflare, so that’s why the Origin certificate is showing up in an SSL scan, rather use Cloudflare’s Universal SSL certificate, which is signed by…Digicert

I don’t know…

if I need to upgrade plan of cloudflare, I can do it.

They are exactly correct. The article in my first link outlined this.

thus, how should do I ??
what do I have to send to them ??

I don’t resolve this issue.
please help me.
if somebody know detail way, please teach me.

Maybe I missed something in the thread, but on the DNS tab you need to make sure the hostname in question is :orange:

Thanks for your answer.
what do I need to set on DNS tab ?

Beside the entry for affiliate.plusqo.ai click the :grey: to make it :orange:

I changed it !
but it look it has any problem yet…

thanks. I checked and I asked to origin server.
CNAME is not crrect.


I don’t know the reason.
proxi was bad ??

it past a few days.
but CNAME is not connect.


somebody know this reason ?

You are searching for a CNAME. Cloudflare is flattening the CNAME, so run your search for A or AAAA and you will see valid records which indicate your host is active on Cloudflare


Setting SSL mode to Full will resolve your too many redirects issue.