Still seeing Cloudflare SSL certs when proxy set to DNS only?

ben30 · December 19, 2019, 12:08pm

Hi,

Im confused as to what is happening with my current setup. I have a subdomain api2.mydomain.com as a CNAME record that points to my origin server. I have this set to Proxy Status: DNS Only. I have SSL/TLS mode set to full.

However, if I go to this subdomain api2.mydomain.com in my browser, I get a certificate error in Chrome:

NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate
Issuer: CloudFlare, Inc.
Expires on: 8 Oct 2033
Current date: 19 Dec 2019
PEM encoded chain:

I was under the impression that with the proxy status set to DNS Only, cloudflare is only doing the DNS resolution. Can anyone explain why the browser is still seeing a cloudflare certificate in the chain?

Thanks!

sandro · December 20, 2019, 9:47pm

That is correct and you actually dont get a Cloudflare proxy certificate here, but the Cloudflare Origin certificate configured on your own server.

system · January 18, 2020, 12:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.