NET::ERR_CERT_AUTHORITY_INVALID and Origin Server certificates

Hello @sandro
You set this Topic as solved. I know there are different issues there, but I think that MAYBE @geopehlivanov is facing a similar problem that I am.

I believe I installed my CA Origing Certificate as described in the procedure, change it to FullStrict, etc. But I am getting the NET::ERR_CERT_AUTHORITY_INVALID warning when I visit my page.

When I use the SSL Checker it says that the installed certificate is OK, but the root Cloudflare ORIGIN SSL CERTIFICATE AUTHORITY is not valid since November 12, 2019.

Do you (or someone else) know how can I solve it?

Topic - (://
Procedure - (://
SSL Checker - (://

Origin certificates should only be used on a :orange: Proxied hostname.

That bottom cert also looks expired. If that’s the root CA certificate, current ones are available here:

1 Like

Thanks @sdayman!
My hosting is expecting a .KEY to install the new root certificate.
Do you know how can I get it?

Yes, how exactly to install this root certificate without private key?
I still cant resolve my issue. It’s really frustrating. In Chrome still domain unmask server ip and get the same error.

Origin Server certificates generated by Cloudflare should only be installed on servers that you place behind a proxied DNS record. The certificate on your server should only be seen by Cloudflare and will not be valid in a browser or via SSL Labs or any other validator.

So the solution here is either:

a) Turn on the Proxy (aka Orange Cloud) for the DNS record you’re seeing this error on
b) If you cannot turn on the proxy, you must install a valid certificate on your origin server from a CA such as Lets Encrypt

1 Like

Proxy (orange cloud) is turn on and it works in all other browsers I tested, instead of Chrome.
@paulus Do you have the same problem with Chrome, or with all browsers?