No trust in this root certificate of a certification authority because it was not found in the store of trusted root certificates of certification authorities

About two months ago, I successfully installed a certificate signed by Cloudflare on my origin server according to the instructions in "Managing Cloudflare Origin CA certificates" (steps 1-3).
About two days after installation, and satisfied with myself, I watched a green lock in the address bar, confirming the encrypted connection via https.

Everything was fine, but one day the site opened with an SSL certificate warning ("There is no trust in this root certificate of a certification authority because it was not found in the store of trusted root certificates of certification authorities").

Delete the existing certificate from Cloudflare (Edge Certificates & Origin Certificates) and from cPanel → Security → SSL/TLS, and then create a new one (Edge Certificates & Origin Certificates):
a) through Cloudflare with the registration of the certificate (CRT) and private key in the cPanel section → Install a site with SSL encryption
b) through a request for signing an SSL certificate in the corresponding cPanel section, receiving using the received encrypted CSR certificate and installing it in cPanel

It didn’t solve the problem - I have an error:

- Chrome: NET::ERR_CERT_AUTHORITY_INVALID
- Edge: DLG_FLAGS_INVALID_CA
- Firefox: SEC_ERROR_UNKNOWN_ISSUER
- Opera: NET::ERR_CERT_AUTHORITY_INVALID

Three days of work in search of a problem did not lead me to a solution and I do not see a solution to the problem…
I would be grateful for any help and advice!

PS.

Hi @ssl4,

Cloudflare Origin Certificates only work when a site is proxied through Cloudflare. Looking at yours, you appear to either have Cloudflare paused or your DNS records set to :grey:; the origin cert will therefore not work.

Indeed, I suspended Cloudflare (I did not change the DNS records), but now Cloudflare is active again.

:+1:

And your site loads fine for me now with SSL.

For my part, the certificate error is still relevant

There may be a problem in the certificate chain (also called the CA Bundle or certificate with a full chain). How to check this assumption?

Use their development site. The regular site is still having issues with Cloudflare certs. I’m surprised you could even see any information. My own sites say "Failed to obtain certificate" and stop there, even if I instruct Qualys to ignore the domain mismatch by clicking on "Click here to ignore the mismatch and proceed with the tests".

Edit: Question - Why the Let’s Encrypt cert from cPanel?
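
One way to check the chain question raised in the thread, as an added example that is not part of any post: it builds a constructed private CA and leaf certificate, then shows that the same leaf is rejected as "unknown issuer" against the default trust store and accepted once the issuing CA is supplied, which is the situation a browser is in when it reaches an origin certificate directly instead of through the proxy. The function names, subjects and file names are assumptions of this example.

```shell
# Added example; every name, subject and file below is constructed.
# For a certificate saved from a real server, skip make_constructed_pki
# and call: trust_verdict saved-cert.pem [issuing-ca.pem]

# Build a throwaway private CA and a leaf signed by it, standing in for
# an origin certificate whose issuer is not in any public trust store.
make_constructed_pki() {
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
O = Constructed Private Origin CA
CN = Constructed Private Origin Root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$dir/ca.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=origin.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# trust_verdict <cert.pem> [ca-bundle.pem]
# Prints issuer and subject on stderr and one verdict word on stdout.
# Without a bundle, only the system default trust store is consulted.
trust_verdict() {
  cert=$1; bundle=${2:-}
  openssl x509 -in "$cert" -noout -issuer -subject >&2 || return 2
  if [ -n "$bundle" ]; then
    if out=$(openssl verify -CAfile "$bundle" "$cert" 2>&1); then
      echo "trusted"; return 0
    fi
  elif out=$(openssl verify "$cert" 2>&1); then
    echo "trusted"; return 0
  fi
  case $out in
    *"unable to get local issuer certificate"*|*"self"?"signed certificate"*)
      echo "unknown-issuer" ;;   # issuer is not in the store that was consulted
    *) echo "other-error" ;;     # e.g. expired or malformed certificate
  esac
}
```

An `unknown-issuer` verdict together with the printed issuer line tells you which CA the client would have needed to trust.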
