SSL activate on your but still not working


#1
amgad_ib Today at 17:05

I have installed free flexible SSL to one of my website since more than 24 hour and still get Your
“connection is not secure-
Error code: SEC_ERROR_UNKNOWN_ISSUER”
the site : www.pontigita.com


#2

Right now your domain nameservers are not pointing to Cloudflare nameservers so it is not using Cloudflare. The origin certificate installed is not intended for end users, but rather for Cloudflare to Origin communication.

dig pontigita.com ns +short
ns28.domaincontrol.com.
ns27.domaincontrol.com.


#3

just change ns and it will work or need another thing to do?


#4

Your records you wish to serve using the SSL certificate also need to be :orange: in the DNS control panel.


#5

Hello,
I have a slightly different problem. I have installed CF Origin Certificate, SSL Full Strict mode. My site is running very well, but I can not update the plugins, an error occurs:
cURL error 60: SSL certificate problem: unable to get local issuer certificate

By browsing my IP address displaying warning - Your connection is not secure
Error code: SEC_ERROR_UNKNOWN_ISSUER
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
On certificate details displaying CF Origin Certificate…


#6

I’ve not had that happen, but you could try this:


#7

I tried this, but I’m not shure that I did everything right, but no change.
so I copied this code (Cloudflare Origin CA) into a this file here, at end of code -
ssl_certificate /path/to/your_certificate.pem;

One thing, I do not know if I did it right - I have generate ECDSA type, I have Nginx server.


#8

Any suggestions?


#9

Here test from sslshopper.com -
https://www.dropbox.com/s/mq5n11nw70wldiv/test%20SSL.PNG?dl=0


#10

It appears to be the same issue as above. Your host needs to be :orange: in Cloudflare’s DNS.


#11

All records is orange.
The site running very well, SSL ok with Cloudflare sni 6 month certificate.
The problem is with CF Origin, I enable SSL Full Strict mode.
The testabove is from my IP address.


#12

That screenshot looks like it’s Cloudflare’s self-signed internal certificate for sites behind Cloudflare, so it’s going to appear broken to a test that’s not referencing Cloudflare’s root certificate.

Is there a way you can install a Let’s Encrypt certificate instead?


#13

This topic was automatically closed after 14 days. New replies are no longer allowed.