Hi, I’m having problems with the Cloudflare Universal Cert on the origin server.
I generated new certificates in Cloudflare and installed them.
Urgently need some help here. Thanks in advance!!!
Here is the error message:
“One of the root or intermediate certificates has expired (648 days ago).”
Organization: CloudFlare, Inc. Org. Unit: CloudFlare Origin SSL Certificate Authority
Location: San Francisco, California, US
Valid from November 13, 2014 to November 13, 2019
Serial Number: 1146955871616924775 (0xfeace49d4c67c67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CloudFlare, Inc.
I have generated new Origin Keys today. There seems to be a problem with the root certificate. My CPanel does not give the option of installing a separate root cert.
I have already done pretty much everything recommended here.
Checked DNS - all proxied.
Downloaded the CloudFlare Origin RSA pem cert. I have no idea where and how to install this. When I install it via CPanel SSL, it goes but shows a s self signed and doesn’t change anything. I am on a hosted virtual account, so don’t have full control over the server.
The problem seems to be in the second cert in the Origin Cert package. That certificate has an expire date in 2019.
Do you have any further ideas?
Thanks for your help!
I have tested the certs again, using sslshopper and SSL Checker.
The problem is with the second part of the origin certificate #2 after installation. It expired in 2019. That is clearly the reason why the hosting server is rejecting it. I attach screenshots.
I don’t know enough about SSL to work out where else to look.
I have already completely uninstalled the CloudFlare Certs, disabled SSL in Cloudflare for an extended time, re-generated a new origin cert and uploaded. The result is always the same.
Is the Cert# 2 part of the Origin Cert installation? Or does that already exist somewhere on the server?
And it clearly points to your server at NameCheap. As I said, if there are certificate problems at your host, you’re going to have to work this out with them. Cloudflare right now provides up to date certificates for you to download and add to your server.
Now you’ve lost me. Where does it point to NameCheap as the culprit, when it says CloudFlare root or intermediate certificate has expire 653 days ago.
If you could point me in the right direction where to start sorting this out with the NameCheap, that would help.
Where does the certificate in question originate and where does it live? I downloaded a CloudFlare Root Certificate, but there are no instructions on how to implement on a shared server. Can I assert with certainty that the problem is on their server? And where?
Thanks again for your assistance.
Hey sdayman, It’s sorted. Had a good support person at NameCheap. I didn’t know to upload the root cert as CABUNDLE.
CPanel showing an alert is expected behavior with a CloudFlare cert.
So, Thank you again for your input.