New Origin Certificate has validation errors

I’ve just been adding Origin Certificates to some of my sites. I’ve just noticed that there is an error in the certificates.

What have I done wrong?!

As it says it’s expired(Out of date)

IMG_20220302_162720

Renew your Certificate and Upload

1 Like

It’s a new certificate, expiration 2/26/37.

That shouldn’t happen , Kindly can your re-check which certificate you are uploading and revert back here ?

This one:

I don’t know why is this causing but @sandro might be able to help you with your SSL problems !

1 Like

On the server:

I have two other websites showing the same thing. I’ve also submitted a ticket to the hosting company.

1 Like

The hosting people say the error message comes from AutoSSL, which is now overridden, although the error is saying that the Cloudflare certificate has expired.

Appears to be a bug in cPanel.

Will always say “insecure” for Cloudflare Origin CA certificates.

While using Cloudflare Origin CA certificate, make sure to check the Full (Strict) SSL option under the SSL/TLS tab of Cloudflare dashboard.

2 Likes

@mawigmore What do you have your SSL/TLS set to?

You should have Full (Strict) (and “Full Strict” only!) set in the SSL/TLS overview page!

Flexible is insecure

Full is insecure due to a self-signed certificate (which is NOT trusted by most, if not all, modern browsers)!

Full (STRICT) is secure, an article explaining why is below!

Full (Strict)

Doesn’t explain why cPanel thinks the certificate has expired when the date shown in the SSL management page shows an expiry of 2037.

Good, good

Perhaps the certificate has been revoked? What is the domain (URL to the website)?

1 Like

newlifecentre.org

Cloudflare Origin CA certificate is a self-signed by default.

If cPanel is checking the chain, might be an issue if Cloudflare CA Root Certificate is missing at your web hosting provider → https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#4-required-for-some-add-cloudflare-origin-ca-root-certificates.

And if you are not in control of it, then your hosting might have to put/update it, if so.

Otherwise, you’ve used Cloudflara Origin CA certificate without origin CA root as a “bundle” when installing it.

And, as far as it’s not a valid CA, neither Let’s Encrypt (says the same), it would only say “valid” if you are using a purchased one like Comodo, Digicert, etc.

1 Like

How do you know this? You aren’t the OP! I’ll need confirmation from the OP on this matter!

@mawigmore Is newlifecentre.org the domain?

It’s there in the Picture

Mentioned as Primary Domain

1 Like

facepalms

Sorry, didn’t realize that!

1 Like

@mawigmore It loads up just fine

It also appears that Cloudflare is NOT paused right now

The OP wants Origin Certificate , and yes the website is working fine .

Oh!

@mawigmore Consult the article below (then scroll to “Origin Certificates”)

1 Like