Invalid SSL certificate on origin server but Cloudflare Certificate installed

Website, Application, Performance Security
1

What is the name of the domain?

What is the error number?

526

What is the issue you’re encountering

Invalid SSL certificate Error code 526 Visit cloudflare.com for more information.

So Invalid SSL certificate on the origin server but I have installed Cloudflare certificate correctly at Origin Server.

What steps have you taken to resolve the issue?

Revoked Origin Certificate from Cloudflare. Created a new one, still has the same issue. I visited - Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs

Followed the step. When I used SSL Checker to check hostname, it verify all information is correct except “cloudflare. The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.”

I really don’t know what to do next. Cloudflare origin SSL is installed on server correctly. But if I use Full Strict in Cloudflare, it shows invalid. So I am using full for now

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Change to SSL full strict

2

Can you pause Cloudflare?

3

Hello, I followed the instructions and paused. then the website is inaccessible.

I am using Cloudflare free origin certificate on the Server.

4

It currently is not paused, you need to pause it.

5

Hello,

Check right now it is paused. It throughs up " Your connection is not private

Attackers might be trying to steal your information from www.makemoney.ng (for example, passwords, messages or credit cards). Learn more

net::ERR_CERT_AUTHORITY_INVALID"

I am using Cloudflare origin certificate at the server, not a third party.

I cannot afford to leave it paused because It is a live site and this can affect it

6

You configured 14 certificates, some of which not yet valid or expired.

Certificate chain
 0 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 1 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 2 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 3 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 4 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 5 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 6 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 7 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 8 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
 9 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
10 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
11 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
12 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California
13 s:O = "CloudFlare, Inc.", OU = CloudFlare Origin CA, CN = CloudFlare Origin Certificate
   i:C = US, O = "CloudFlare, Inc.", OU = CloudFlare Origin SSL Certificate Authority, L = San Francisco, ST = California

You need to clean this up.

7

Thank you.

How do I clean up? From where?

I have a couple of domain on my cloudflare. Do their certificate also count am,long this?

8

You need to fix this on your server.

Make sure you only have the current certificate.

1 Like
9

Hello,

Thank you. My host did re-issue and it worked. Said it was a caching issue. SO full strict mode works now. But if I pause Cloudflare, it shows an invalid certificate. But with cloudflare not paused, all works well.

So, I am wondering, when using Cloudflare free origin certificate, does it still work when cloudflare is paused?

10

Origin certificates are only trusted by Cloudflare. If you are on Full Strict, your site is now secure.

1 Like
11

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.