SSL Certificate errors on Security Risk Warning pages

Morning all

I have recently installed Cloudflare SSL via cPanel and when visiting my website via Firefox or MS Edge I see the “Warning: Potential Security Risk” webpage. When I click the Advanced button I see the following:

https://www.hylem.co.uk/

Peer’s Certificate issuer is not recognised.

HTTP Strict Transport Security: false

HTTP Public Key Pinning: false

This is followed by a certificate chain of 2 certificates.

Any ideas how I can fix this? It is very frustrating as I don’t want to lose clients who may be turned away by the warning page.

many thanks

Flavio

You’ll still connect to your server directly. You have an Origin certificate, which is only trusted by Cloudflare and not browsers. Make sure that you flush your local DNS resolver cache.

Also, make sure you are on Full Strict on Cloudflare. Occasionally they select an insecure mode there.

many, many thanks for your swift help Sandro - not sure how to flush local DNS resolver cache but will give it a go.

On Windows:
ipconfig /flushdns

On MacOS:
sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder

thanks again! I have done as you said but still getting exactly the same warning page and error messages:

https://www.hylem.co.uk/

Peer’s Certificate issuer is not recognised.

HTTP Strict Transport Security: false

HTTP Public Key Pinning: false

Might the certificate chain be the problem? see below

I am pulling my hair out :(((

You’ll still be connecting to your server. Check the IP address and make sure there is nothing in your hosts file.

Ping your domain. As long as you don’t get the proxy addresses you’ll get that error.

You need to make sure to get these two addresses, 172.67.135.119 and 104.21.6.238.

Cheers :slight_smile: will take another look

Hi, I pinged my domain (www.hylem.co.uk) but I get a completely different IP. What is the next step for me to get the IP you have listed? Many thanks, Flavio

Did it happen to begin with 2606:4700:3037?

If not, then you have some DNS issue at your end. I recommend you update your DNS setting on your device or your router to use 1.1.1.1 or 9.9.9.9

I am not sure what 2606:4700:3037 refers to. Here is what I get from the ping result. Can you offer any insight?

Other than what I suggested about resolvers, you may have that IP address in a local hosts file.

thank you very much, will try both solutions -


I am afraid there really is not much more to suggest. You are simply using the wrong IP address. That’s either for a cached entry on your server or for the aforementioned hosts file. Both things are somewhat out of the scope of the forum here and rather local issues Cloudflare does not control.

As I said earlier.
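
The two checks suggested in the replies above (a hosts file entry, then whether the name resolves to the proxy addresses), written out as an added example that is not part of any post in the thread. The sample hosts file and the 203.0.113.10 and 198.51.100.7 addresses are constructed; the proxy addresses are the ones quoted in the thread.

```python
import ipaddress

# Proxy addresses quoted in the thread for www.hylem.co.uk.
PROXY_V4 = {ipaddress.ip_address("172.67.135.119"),
            ipaddress.ip_address("104.21.6.238")}
# "begins with 2606:4700:3037" written as a /48 network.
PROXY_V6 = ipaddress.ip_network("2606:4700:3037::/48")

# Constructed sample hosts file; 203.0.113.10 is a documentation address
# standing in for the origin server's real IP.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
# 198.51.100.7 www.hylem.co.uk   (commented out, must be ignored)
203.0.113.10   hylem.co.uk www.hylem.co.uk
"""

def hosts_overrides(hosts_text, hostname):
    """Return the addresses a hosts file pins for hostname."""
    pinned = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        names = [n.lower() for n in fields[1:]]
        if hostname.lower() in names:
            pinned.append(fields[0])
    return pinned

def is_proxy_address(addr):
    """True if addr is one of the proxy addresses named in the thread."""
    ip = ipaddress.ip_address(addr)
    return ip in PROXY_V4 if ip.version == 4 else ip in PROXY_V6

def triage(hostname, hosts_text, resolved):
    """Classify why a browser reaches the origin certificate instead of the proxy."""
    pinned = hosts_overrides(hosts_text, hostname)
    if pinned:
        return ("hosts-file", pinned)       # local override wins over DNS
    direct = [a for a in resolved if not is_proxy_address(a)]
    if direct:
        return ("stale-or-wrong-dns", direct)  # flush cache or change resolver
    return ("proxied", list(resolved))      # browser will see the edge certificate

if __name__ == "__main__":
    print(triage("www.hylem.co.uk", SAMPLE_HOSTS, ["203.0.113.10"]))
    print(triage("www.hylem.co.uk", "", ["203.0.113.10"]))
    print(triage("www.hylem.co.uk", "", ["172.67.135.119", "104.21.6.238"]))
```

Feed `triage` the real hosts file contents and the addresses your machine actually resolves; anything other than `proxied` means the browser is talking to the origin server and will be shown the Origin certificate.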
