Origin certificate not trusted

Hey there, I've been trying to use Cloudflare's SSL certificates for a website. I was previously using Porkbun's integrated SSL service, which worked fine, but required updating the certificates when they expired. I'm not sure if this is the correct use of Cloudflare, so please let me know. Otherwise, I've set the SSL/TLS encryption mode to full strict, I have an active universal certificate, and an origin certificate set to expire in 15 years, with the rest staying on default config. I've installed it on my server, and it seems to work (at least according to this ), except that browsers spit out "Your connection is not private" with NET::ERR_CERT_AUTHORITY_INVALID. The subdomain in question says that it is proxied in the DNS config, that being the main difference from threads with this issue that I've found online. Any help appreciated!
17 Replies
Erisa (2mo ago)
What do you see as the issuer name when you select "View certificate" or equivalent on the failing domain (on Chrome this is accessible from the SSL indicator on the address bar)?
Sir Waffles (2mo ago)
I suppose it could be CloudFlare Inc
Sir Waffles (2mo ago)
It is, at least from what the DNS config shows.
That's why I said it was the key difference from other posts.
Hello, I’m Allie!
What's the domain?
Sir Waffles (2mo ago)
skyrden.com
Main page is hosted on Railway, which seems to do its own SSL stuff.
Hello, I’m Allie!
Is it the top level that is having the issues, or a subdomain?
Sir Waffles (2mo ago)
Otherwise the subdomain I’m using to test this is training.skyrden.com
Others are using the Porkbun certificate to still have access to them.
Subdomain above is the problematic one.
Hello, I’m Allie!
This what it is supposed to look like?
Sir Waffles (2mo ago)
Yes, it’s just a Moodle instance
Hello, I’m Allie!
I'm getting no SSL/TLS issues, so I'm guessing your device/upstream resolver may have just cached your server's IP address, instead of the Cloudflare proxy IPs.
Sir Waffles (2mo ago)
Wait, yeah, that would make sense.
I didn’t think of trying another device.
Gah, I’m sorry, my mistake.
Thanks for helping out.
Hello, I’m Allie!
Though note, if the device is on the same network, it may still try with the old IPs, since it may be cached on the resolver itself (ISP, other).
Sir Waffles (2mo ago)
Yeah, I’m on mobile data now and it works fine.
Do you think that there’s anything I can do for them to refresh it, or will I just have to wait?
Hello, I’m Allie!
Not really. DNS updates are usually pretty slow, though once the proxy kicks in, updates should take a minute or less globally.
Which is kind of cheating, but 🤷
Sir Waffles (2mo ago)
Alright then, thanks for the info!