That is not necessary. The root certificate should not be presented by the origin server. It is already known to the Cloudflare proxy trust store.
You will not be able to validate a Cloudflare Origin CA certificate with public certificate testing tools. The Cloudflare Origin CA root is not publicly trusted, nor is it meant to be. It is intended to be trusted by the Cloudflare proxy and is used to secure traffic exclusively between your server and Cloudflare.
You do have other issues in your origin SSL configuration that you should fix, notably the insecure TLS 1.0 and 1.1 protocols that are enabled, and the aforementioned Cloudflare Origin CA root certificate that should not be served.
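A local check for the point above about the origin serving its root certificate, added here as an example and not part of the thread. It assumes the `openssl` CLI is installed; the function names, certificate names and file names are constructed for illustration.

```shell
# Count certificates in PEM bundle $1 whose subject equals their issuer.
# A self-issued certificate in a served bundle is the root, which the
# origin should leave out.
count_self_issued() {
    local bundle tmp n cert
    bundle="$1"; n=0
    tmp="$(mktemp -d)" || return 1
    # Split the bundle into one file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { i++ }
                     i { print > (d "/cert" i ".pem") }' "$bundle"
    for cert in "$tmp"/cert*.pem; do
        [ -e "$cert" ] || continue
        if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
             "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
            n=$((n + 1))
        fi
    done
    rm -rf "$tmp"
    echo "$n"
}

# Build a constructed root and leaf in directory $1 (stand-ins for a private
# CA root and an origin certificate), then write two bundles to compare.
make_sample_bundles() {
    local d
    d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Origin Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=origin.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    cat "$d/leaf.pem" "$d/root.pem" > "$d/with_root.pem"   # root is served
    cp "$d/leaf.pem" "$d/leaf_only.pem"                    # root is not served
}

# Demo on the constructed bundles.
demo_dir="$(mktemp -d)"
make_sample_bundles "$demo_dir"
echo "leaf + root: $(count_self_issued "$demo_dir/with_root.pem") self-issued"
echo "leaf only:   $(count_self_issued "$demo_dir/leaf_only.pem") self-issued"
rm -rf "$demo_dir"
```

Run `count_self_issued` against the certificate file the web server is configured to send; a result above 0 means a root is included in what the origin presents.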
If you look at https://www.sslshopper.com/ssl-checker.html?hostname=antiquescientifica.com
you’ll see there is a break in the chain. It’s showing as not fully secured and that the certificate is not valid, with the error:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
I changed the TLS to support 1.2 and I’ll instruct support to remove the root chain certificate, but they insist they need it. I just need the site to go green.
The Cloudflare Origin CA certificate is not a publicly trusted certificate and will always display that trust error. To make sure that your visitors do see any error, you need to make sure that the hostname is set to Proxied in your Cloudflare dashboard DNS app.
The root certificate has been removed and all the A type are proxied. I’ve even unproxied and then proxied again to reset. The MX records show the exclamation error saying the records expose the IP of the proxied IP addresses.
What am I doing wrong here? I’m missing something. Everything looks like it is set the way it should be, but yet it’s still not showing as a valid certificate.
Ok, updated. Register has CF NS, and when I log in to Hostway there is a section for NS there as well. Currently listed is the Hostway NS. Do I just remove the NS or replace it with the CF NS there as well? If I do that, how do CF and Register know where the website is being hosted at if it’s not being pointed at Hostway?
I have never used Hostway and their documentation is slightly unusual. I don’t know why you would need to enter your Cloudflare nameservers in their panel. This page sounds like they may expect it, but lacks sufficient clarity.
Register doesn’t and has no need to. That is not part of its role. It just tells the root nameservers what nameservers know about your domain. Those are now set to be the Cloudflare nameservers and they will know where your website is because you will create the necessary DNS records with that information.
Appreciate your time, I’ve made so many different changes and swapped so many different settings but something I recently did with your suggestions no doubt has solved the problem because I’m getting the “site secured” and a valid certificate response.