TLS untrusted certificate error

At the moment I have www.example.com attached to a load balancer. This load balancer is attached to server1.example.com and server2.example.com. I am using SSL Full (strict) with Cloudflare origin certificates. Everything is okay.

But when I access server1/server2.example.com I get a security warning because the Cloudflare origin certificate is self-signed. I understand that.

Today I bought a Sectigo certificate for server1.example.com and installed it instead of the Cloudflare origin certificate. Now I can access server1.example.com over HTTPS without any problems or security warnings.

But the problem now is that it no longer works in my load balancer. I got the following message mailed to me because of a failure:

Tue, 11 Jun 2019 10:09:34 UTC | DOWN | Origin example1 from Pool example1 | TLS untrusted certificate error

Why is it untrusted? Google Chrome trusts it, so why don't the load balancer / Cloudflare? Is it only possible to use it with origin certificates? Why not with a regular signed certificate?

Literally for this hostname?

If so, we probably have the reason for the error. I'd expect the certificate to have to be issued for the main hostnames (likely the naked domain and www) and not for the individual servers. The latter could be possible if you specify hostnames instead of IP addresses, but that is something you should clarify with support.

Another explanation could be a missing intermediary certificate, because of which Cloudflare can't verify your new certificate.

Thanks, I also tried it with the load balancer address, www.example.com, and a matching certificate. That one also did not work. So I was thinking that I needed a server1/2/3-specific certificate.

The intermediary certificate is a good point that I am going to try, because I did not install any of them.
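Both explanations offered above (a certificate issued for a different hostname, and an origin that sends only its own certificate without the intermediate) can be reproduced offline. The script below is an added example, not code from the original thread, from Cloudflare or from Sectigo. It builds a throwaway root -> intermediate -> leaf hierarchy with openssl and then verifies the leaf the way a strict client that trusts only the root and does not go and fetch missing intermediates would. The CA names, key sizes, serial numbers and the server1.example.com / www.example.com hostnames are all constructed for the demonstration. A browser that already has the intermediate cached, or fetches it itself, will show no warning for the same leaf, which is why "Chrome trusts it" and "the load balancer health check rejects it" are not contradictory.

```sh
#!/bin/sh
# Added example (not from the original thread): reproduce the two ways a
# certificate that a browser accepts can still fail a strict verifier.
#   1. The server sends only the leaf, not its intermediate
#      -> "unable to get local issuer certificate"
#   2. The certificate was issued for a different hostname
#      -> "Hostname mismatch"
# Everything below is constructed for the demo: CA names, keys, hostnames.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the example does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Example Root CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Extensions for the intermediate CA and for the server (leaf) certificate.
# The leaf's SAN covers server1.example.com only, as in the thread.
printf '%s\n' 'basicConstraints=critical,CA:TRUE,pathlen:0' \
  'keyUsage=critical,keyCertSign,cRLSign' > "$WORK/int.ext"
printf '%s\n' 'basicConstraints=CA:FALSE' \
  'keyUsage=critical,digitalSignature,keyEncipherment' \
  'extendedKeyUsage=serverAuth' \
  'subjectAltName=DNS:server1.example.com' > "$WORK/leaf.ext"

# Build root -> intermediate -> leaf, the shape a public CA hierarchy has.
build_chain() {
  (
    cd "$WORK"
    openssl req -x509 -config req.cnf -newkey rsa:2048 -nodes -sha256 -days 2 \
      -keyout root.key -out root.crt >/dev/null 2>&1
    openssl req -new -config req.cnf -newkey rsa:2048 -nodes -sha256 \
      -subj '/CN=Example Intermediate CA' -keyout int.key -out int.csr >/dev/null 2>&1
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -set_serial 2 \
      -days 1 -sha256 -extfile int.ext -out int.crt >/dev/null 2>&1
    openssl req -new -config req.cnf -newkey rsa:2048 -nodes -sha256 \
      -subj '/CN=server1.example.com' -keyout leaf.key -out leaf.csr >/dev/null 2>&1
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -set_serial 3 \
      -days 1 -sha256 -extfile leaf.ext -out leaf.crt >/dev/null 2>&1
  )
}

# Verify the leaf as a strict client that trusts only the root and does not
# fetch missing intermediates. $1 is the extra chain file the server "sends"
# ("" for leaf only); $2 is the hostname being connected to. Prints OK or FAIL.
verify_chain() {
  extra=""
  if [ -n "$1" ]; then extra="-untrusted $WORK/$1"; fi
  if openssl verify -CAfile "$WORK/root.crt" $extra \
       -verify_hostname "$2" "$WORK/leaf.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

# Same check, but surface openssl's own diagnostic line so the cause is visible.
verify_reason() {
  extra=""
  if [ -n "$1" ]; then extra="-untrusted $WORK/$1"; fi
  openssl verify -CAfile "$WORK/root.crt" $extra \
    -verify_hostname "$2" "$WORK/leaf.crt" 2>&1 | grep -i -e 'error' -e ' OK' | head -n 1
}

build_chain
echo "leaf + intermediate, server1.example.com: $(verify_chain int.crt server1.example.com)"
echo "leaf only,           server1.example.com: $(verify_chain '' server1.example.com)"
echo "leaf + intermediate, www.example.com:     $(verify_chain int.crt www.example.com)"
echo "reason when the intermediate is missing:  $(verify_reason '' server1.example.com)"
```

Against a live origin the equivalent check is `openssl s_client -connect server1.example.com:443 -servername server1.example.com -showcerts </dev/null`: if the output contains a single BEGIN CERTIFICATE block, the server is sending only the leaf and the intermediate (the chain or "CA bundle" file the CA supplied alongside the certificate) has not been configured on the origin, which is the case the verifier above rejects. Fixing that means serving the leaf followed by the intermediate in the server's certificate chain, not adding the intermediate to the trust store of the client doing the verification.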
