SSL issues - Not in trusted repository

What is the domain name?

https:// www.suncobot. com - For now is empty

Have you searched for an answer?

Yes, a lot

Please share your search results url:

This is just the more relevant ones

https:// community.Cloudflare. com/t/community-tip-fixing-net-err-cert-authority-invalid/77958
https:// community.Cloudflare. com/t/troubleshooting-ssl-tls-issues/120789
https:// www.digitalcandy. agency/website-tips/Cloudflare-origin-ca-free-ssl-installation-on-godaddy/

When you tested your domain using the [Cloudflare Diagnostic Center](https:// www.Cloudflare. com/diagnostic-center/), what were the results?

Everything ok

Describe the issue you are having:

Privacy issues. It says “Can’t trust in this root CA certificate because is not in the trusted repository” (translated from Spanish)

The hosting is Godaddy

What error message or number are you receiving?

NET::ERR_CERT_AUTHORITY_INVALID

What steps have you taken to resolve the issue?

Follow all the steps in the provided urls. Clear ssl state. Restart Pc. Test another browser. Test another device. Also tried with Full and Flexible options

Was the site working with SSL prior to adding it to Cloudflare?

Not tested

What are the steps to reproduce the error:

Just go to the url

Have you tried from another browser and/or incognito mode?

Yes, same result

Please attach a screenshot of the error:

I attached some test result

The certificate looks fine to me and I’m having no trouble connecting. Did you actually get an error in a browser when trying to connect? If so, what OS/browser? Your edge certificate is from LetsEncrypt, and there have been reports of visitors having issues with those certificates if they’re on obsolete platforms with out-of-date root certificate stores.

(Not really related but FYI you can boost your SSL Labs score quite a bit by setting your Minimum TLS Version to 1.2 in the Cloudflare dashboard, it’s in Edge Certificates)

1 Like

Yep, it show no issues now. Yesterday was the same but then in an hour it displays an error again. Will wait and see

The screenshot attached displays the certificate with an hour of difference

About the TLS to 1.2, I read about that yesterday but don’t know if it affects some users

Have you been flipping your site between orange-clouded and grey-clouded? Your screenshot implies you’re using one of Cloudflare’s Origin Certificates on your server, which are only valid for orange-clouded traffic.

The fact that your browser was seeing it implies that you had your traffic un-proxied at some point

1 Like

I just Ctrl + f5 and again the issue. I use Chrome 104.0.1293.47 on Windows 11 22000.832

In mobile is Chrome 103.0.* and iPhone. Also displays an error in Safari

Nope, just orange ones. The server is on Godaddy

Under ordinary circumstances, the origin certificate should only be exposed to browsers if Cloudflare is bypassed, either via grey-cloud DNS entries or the “pause Cloudflare” option

Is this only happening from your home network? Have you gotten any reports of anyone else experiencing it? In all my checking, the domain is consistently resolving to the Cloudflare proxy and hence I’m only seeing your edge certificate.

If you do a nslookup or ping of your domain name from your home network, do you see Cloudflare IPs (you should) or do you see the actual IP of your server? If you see your actual server IP something odd is going on – cached DNS on your local network, domain hard-coded into hosts file, custom DNS server on the local network, something like that?

How recently did you migrate your DNS service Cloudflare? If it was fairly recently there could still potentially be old cached DNS floating around, if your old DNS provider was using a long TTL.

This is weird… yesterday I tried the ipconfig /flushdns but never tried the ping command

Now that I tested this, I get the real IP

After the /flushdns I test the /renew and also the /displaydns but it’s all there, never cleared

Tried too with powershell the Clear-DnsClientCache command

I migrated about 14 hours ago, with multiple settings moved now. Before (months ago) this server, I use it with another server, this time in AWS and with the Ssl in Flexible mode, and no issues. It worked after couple of minutes

Well if you’re seeing the real IP there’s probably some kind of DNS caching happening.

Someone else was experiencing this from their home network & solved with with a router reset, worth a try.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.