SSL not secure. Authority Invalid

Website, Application, Performance Security
1

Answer these questions to help the Community help you with Security questions.

What is the domain name?
untangle.es

Have you searched for an answer?
Yes, and have followed steps, but I can’t make it work

Please share your search results url:
https://www.ssllabs.com/ssltest/analyze.html?d=untangle.es

When you tested your domain, what were the results?
If I use a SSL certificate from ZeroSSL I get padlock and browser says it is secure.
As soon as I switch to Cloudflare Origin Certificate I don’t get the padlock, it says Unkown Certificate Type.

Describe the issue you are having:

What error message or number are you receiving?
NET::ERR_CERT_AUTHORITY_INVALID

What steps have you taken to resolve the issue?

  1. Activated SSL and TLS. Full strict mode activated in Cloudflare
  2. Check for mixed content. It doesn’t seem to be this becuase then I use ZeroSSL certificate I am not getting any errors
  3. I have run some tests proposed in other threads, but they say the SSL is ok. However as soon as I open the web I get the error.

Was the site working with SSL prior to adding it to Cloudflare?
Yes

What are the steps to reproduce the error:

  1. Open “untangle.es”

Have you tried from another browser and/or incognito mode?
Yes, chrome, brave, edge and firefox. Same results in all of them

Please attach a screenshot of the error:
Browser 2:
image

Thank you!

3

The Cloudflare origin certificate is for use behind the proxy, it is only trusted by Cloudflare.

However, your DNS records are currently proxied and the edge certificate is ok.
https://cf.sjr.org.uk/tools/check?758dd88918f54f53b7e5a617ed7c8971#connection-server

Make sure you don’t have something set locally that’s resolving to the IP address of your server, instead of the IP address Cloudflare is publishing for your site. Connecting direct to your server, so bypassing Cloudflare, with the Cloudflare origin certificate is expected to produce that warning.

3 Likes
4

Hi @juan14, your topic has a solution here.

Let us know what you think of the solution by logging in and give it a :+1: or :-1:.

Solutions help the person that asked the question and anyone else that sees the answer later. Login to tell us what you think of the solution with a :+1: or :-1:.

5

Thanks sjr, that was it!

I had left NS Records pointing directly to my server that were imported from the backup I made before setting Cloudflare as my primary DNS provider.

As soon as I deleted them, the edge certificate from Let’s Encrypt started loading instead of Cloudflare origin certificate.

1 Like
6

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.