SSL shows invalid on GoDaddy hosting

I’ve installed my cert onto my GoDaddy hosting. GoDaddy shows that the cert is invalid and says it has 2 errors:
self-sign-cert-in-chain
cert-has-expired

When I look at the cert, it shows the CA as Cloudflare and the expiry in 2036.

Any ideas on how to fix this?
Thanks

That suggests that you installed an Origin certificate, and these are only valid in a proxied context, as only the proxies of Cloudflare will trust them. Make sure the DNS records in question are proxied (orange cloud) and that your encryption mode is “Full strict” and you should be good to go.

The warning might be wrong in this case, or rather it is based on the fact that Origin certificates are not publicly trusted.


It’s also possible it needs the Root CA installed as well in order to validate.


I checked Sandro’s suggestion and it was set up (DNS are proxied).

I don’t know how to install the Root CA onto GoDaddy.

You do not absolutely need the root certificate and your error message would not necessarily indicate that that’s the issue.

Does your site load fine and is it on Full strict? In that case you can probably ignore the warning.

What’s the domain? Also check if you do not possibly have a second, expired certificate in there.

gpkoldtimershockey.com

Only 1 cert installed.

It does return a valid Origin certificate and the root certificate seems to be there too.

Can you post a screenshot of the warning?


Got it, you have an expired root certificate and that’s the one that it complains about. You should update your certificate bundle and replace the current certificate with the new one from Managing Cloudflare Origin CA certificates – Cloudflare Help Center.


The certificate has the following errors:
Certificate #2 (ST=California,L=San Francisco,OU=CloudFlare Origin SSL Certificate Authority,
O=CloudFlare, Inc.,C=US) has 2 validation errors: SELF_SIGNED_CERT_IN_CHAIN, CERT_HAS_EXPIRED.

That’s the one you need

https://support.cloudflare.com/hc/article_attachments/360037885371/origin_ca_rsa_root.pem

Not sure I installed it correctly

The date is all right, at least the expiration warning should not be displayed any more.

Still shows exact same error?!

It still returns the expired certificate. I am afraid at this point you need to contact your host and clarify that with them.

What you need is your own certificate and ideally the updated root certificate. Maybe it takes some time to update, but that’s something only your host can clarify.

GoDaddy won’t help with third party certs.

I thank you for your help, I will keep investigating, or ignore that message as the site seems to work correctly with https.

Thank you again!!!

Well, if you put it like that I’d change host anyhow.

But the issue now is that they do not seem to have imported the updated certificate you uploaded and only they can check that. Your screenshot shows the new one, but then they still return the old one. Only a guess, maybe it takes some time.

Generally, you shouldn’t need the root certificate and the proxies should be happy with the Origin certificate alone as well, anything else really is for them I am afraid.
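
What the validator's two error names refer to, as an added example that is not part of the original thread and not a Cloudflare or GoDaddy tool: a standard-library Python check that walks an installed PEM bundle in order and flags, per certificate, a past notAfter date and an issuer equal to the subject. The function names are assumptions, and issuer == subject stands in for "self-signed" because no signature is verified.

```python
# Added example (not Cloudflare or GoDaddy code); all names are illustrative.
import base64, re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    return tag, start, start + length

def _time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        s = ("19" if s[:2] >= "50" else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inspect_cert(der):
    """Return (issuer == subject, notAfter); the signature is not verified."""
    _, pos, _ = _tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    spans = []
    for _field in range(5):             # serial, sigAlg, issuer, validity, subject
        _, start, end = _tlv(der, pos)
        spans.append((start, end))
        pos = end
    (i0, i1), (v0, _), (s0, s1) = spans[2:]
    _, _, nb_end = _tlv(der, v0)        # step over notBefore
    tag, t0, t1 = _tlv(der, nb_end)     # notAfter
    return der[i0:i1] == der[s0:s1], _time(tag, der[t0:t1])

def audit_bundle(pem_text, now):
    """Per certificate, in bundle order, list the validator-style error names."""
    report = []
    for m in PEM_RE.finditer(pem_text):
        self_issued, not_after = inspect_cert(base64.b64decode(m.group(1)))
        errs = []
        if self_issued and report:      # only entries after the first (leaf)
            errs.append("SELF_SIGNED_CERT_IN_CHAIN")
        if not_after < now:
            errs.append("CERT_HAS_EXPIRED")
        report.append(errs)
    return report
```

Call `audit_bundle` with the text of the bundle you pasted into the host's panel and a timezone-aware `datetime`; an entry that still lists `CERT_HAS_EXPIRED` after the upload means the old root is still in the bundle.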
