Problem with Cloudflare Origin Certificate

What is the name of the domain?

cambridgehouse.org.uk

What is the error message?

SEC_ERROR_UNKNOWN_ISSUER

What is the issue you’re encountering?

Cloudflare Origin Certificate being presented to Clients

What steps have you taken to resolve the issue?

Hi, I’ve set up a Cloudflare Origin Certificate on my Apache server. Cloudflare DNS A records are proxied. The SSL/TLS encryption mode is Full (strict), but for some reason the Origin Certificate is being sent to clients instead of the Edge Certificate, so clients are getting a SEC_ERROR_UNKNOWN_ISSUER warning. I don’t understand what I’ve done wrong and why they are getting the origin certificate instead of the edge certificate. The HTTPS connection between Cloudflare and my web server seems to be working, so I’m not sure if it’s a problem with my SSL config on my server or if there is something I’ve done wrong with Cloudflare DNS.

Also, I can still access the website over HTTP even though I’ve enabled Always Use HTTPS, which makes me think the problem must be with DNS somehow. I’m just not sure what’s going on. Thanks

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

Also, when I test the certificate here: SSL Checker it seems to look right, but why do I get the Origin certificate when I visit my site in Chrome or Firefox?

From the outside, all is ok…
https://cf.sjr.org.uk/tools/check?7907b67f20d547f48061b2d5f7ed48f0#connection-server-https

Do you have a local DNS resolver or hosts file entry that is forcing your DNS requests to resolve to the origin IP address directly?

Try on another network or changing your resolver to 1.1.1.1, 8.8.8.8, 9.9.9.9 or other.

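The check suggested in the reply above, as an added example that is not part of the original thread: it looks for a hosts-file pin on the domain and, failing that, flags addresses the local resolver returns that a public resolver does not. The helper names `hosts_overrides` and `diagnose` are hypothetical, and every IP address is a constructed RFC 5737 placeholder; real answers would come from the machine's own resolver and from a public one such as 1.1.1.1.

```python
import ipaddress

# Constructed sample hosts file; 203.0.113.10 is an RFC 5737 placeholder
# standing in for the origin server's address.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 203.0.113.10 cambridgehouse.org.uk   (old entry, commented out)
203.0.113.10  www.cambridgehouse.org.uk cambridgehouse.org.uk  # pinned for testing
"""

def hosts_overrides(hosts_text, hostname):
    """Return the IPs a hosts file pins for hostname (hypothetical helper)."""
    want = hostname.lower().rstrip(".")
    pinned = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address line
        if want in (name.lower().rstrip(".") for name in fields[1:]):
            pinned.append(str(ip))
    return pinned

def diagnose(hostname, hosts_text, local_answers, public_answers):
    """Classify why a client might reach the origin instead of the proxy.

    local_answers: A/AAAA results from the machine's own resolver.
    public_answers: results for the same name from a public resolver.
    """
    pinned = hosts_overrides(hosts_text, hostname)
    if pinned:
        return "hosts-override", pinned
    local = {ipaddress.ip_address(a) for a in local_answers}
    public = {ipaddress.ip_address(a) for a in public_answers}
    only_local = sorted(str(a) for a in local - public)
    if only_local:
        return "resolver-mismatch", only_local
    return "consistent", []

if __name__ == "__main__":
    # Constructed answers: the local resolver returns the placeholder origin IP,
    # the public resolver returns two placeholder proxy addresses.
    print(diagnose("cambridgehouse.org.uk", SAMPLE_HOSTS, [], []))
    print(diagnose("cambridgehouse.org.uk", "127.0.0.1 localhost",
                   ["203.0.113.10"], ["198.51.100.7", "198.51.100.8"]))
```

A `hosts-override` or `resolver-mismatch` result means the browser is connecting straight to the origin, which explains both the untrusted Origin CA certificate and the absence of the HTTPS redirect, since neither the edge certificate nor Always Use HTTPS applies to traffic that bypasses the proxy.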

It all seems to be working now, maybe it was a caching issue on my local machine or ISP?
Thanks for your help.
