Hi, I’m very new to all of this so please excuse any obvious mistakes on my part. I wanted to secure my family portal so I decided to use Cloudflare as it was in in my cpanel. I am using the free account. I followed all the directions to a T. On my DNS tab it shows that my domain is orange and www is orange.

On my crypto page I created an origin certificate while live chatting with my host provider and copied and pasted the keys. My provider than installed those keys. I then set my SLL to full strict. That was 2 days ago. I’ve run several online SSL checker tools and they all say that everything is fine and that I should not have any problems but when I attempt to go to my browser states it’s not safe and gives me the NET::ERR_CERT_AUTHORITY_INVALID error. The certificate itself is stating that it is invalid with the following errors “this certificate cannot be verified to a trusted certification authority” On the details tab the two errors are Key usage Digital Signature, Key Encipherment (a0) and Basic constraints Subject Type=End Entity
Path Length Constraint=None Finally the certification path states the following This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

Was there a DNS record or something additional I needed to do to get it to work correctly?

You are currently redirecting all https requests to HTTP?

According to everything is fine and A rated.

You can try “Full” as SSL setting if this persists with "Full (strict). With this setting Cloudflare will not check if the certificate in your server is valid or not. All traffic between Cloudflare will still be encrypted. But please: check your server configuration before and ensure you activate HTTPS.

If the error disappears on Full, there’s something wrong with your origin certificate or a problem with the intermediate certificates on your server. They may be wrong, missing, your webserver doesn’t know the correct file path…

1 Like

Thank you for your reply. I contacted my host and it looks like it was some sort of mis-configuration their part. Everything is working fine now!


This topic was automatically closed after 14 days. New replies are no longer allowed.