Cloudflare Origin Certificate Not Trusted Error

If you’re using Cloudflare for website security and performance, you may encounter a “Cloudflare origin certificate not trusted” error. This error means that visitors are reaching the website without going through Cloudflare, so the browser is shown the origin certificate instead of a Cloudflare SSL certificate. A website in this state is not being protected by Cloudflare, which can result in a higher risk of cyberattacks and data breaches.
In this article, we’ll go over the steps to resolve the Cloudflare origin certificate not trusted error, provide detailed information on Cloudflare SSL, and offer resources to help you troubleshoot other Cloudflare SSL-related errors.
Understanding Cloudflare SSL
Cloudflare’s SSL certificates are used to encrypt website traffic, making it more difficult for attackers to steal sensitive information. Cloudflare offers several types of SSL certificates, including Universal SSL, Advanced SSL, Custom SSL, and Custom Hostnames SSL. These certificates are only effective when a website’s traffic is routed through Cloudflare.
The “Cloudflare Origin Certificate” is a certificate that only Cloudflare trusts, not browsers. It’s used to secure traffic between Cloudflare and the website’s origin server. When you install the Cloudflare Origin Certificate, the traffic between Cloudflare and your origin server is encrypted and protected.
However, older browsers may display errors about untrusted SSL certificates even when a Cloudflare SSL certificate is provisioned for a domain. This happens because they do not support Server Name Indication (SNI), the TLS extension used by Cloudflare Universal SSL certificates. In this case, Cloudflare Support can enable non-SNI support for domains on Pro, Business, or Enterprise plans for Universal, Advanced, Custom, or Custom Hostname certificates.
Resolving Cloudflare Origin Certificate Not Trusted Error
Here are the steps to resolve the Cloudflare origin certificate not trusted error:
- Navigate to the DNS section of the Cloudflare dashboard.
- Locate the “A” or “CNAME” record for the domain.
- Check whether the DNS entry has an orange cloud icon on the right.
- If the cloud icon is grey, click on it to make it orange.
- Cloudflare should now be routing the website with a valid SSL certificate.
It’s important to note that Cloudflare SSL certificates only cover the root-level domain and one level of subdomains (for example, example.com and www.example.com, but not dev.www.example.com). If you have more than one level of subdomain, you’ll need to install a wildcard SSL certificate or a separate SSL certificate for each subdomain.
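The two checks above (is the record proxied, and is the hostname within one subdomain level) can be scripted. The following Python sketch is an added example, not Cloudflare tooling: the function names are hypothetical, the IPv4 list is a snapshot of the ranges Cloudflare publishes at https://www.cloudflare.com/ips-v4 and should be refreshed before use, and the sample records are constructed.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4).
# Assumption: refresh this list from that URL before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_proxied(addresses):
    """True only if every resolved A record is a Cloudflare edge address (orange cloud)."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(any(ip in net for net in CLOUDFLARE_V4) for ip in ips)

def covered_one_level(hostname, zone):
    """True for the zone apex and for names exactly one label below it."""
    hostname, zone = hostname.lower().rstrip("."), zone.lower().rstrip(".")
    if hostname == zone:
        return True
    if not hostname.endswith("." + zone):
        return False
    # Whatever precedes ".zone" must be a single label (no further dots).
    return "." not in hostname[: -len(zone) - 1]

def diagnose(hostname, zone, addresses):
    """Classify a hostname from its resolved A records (hypothetical helper)."""
    if not is_proxied(addresses):
        return "dns-only: browsers reach the origin and see the untrusted origin certificate"
    if not covered_one_level(hostname, zone):
        return "proxied: hostname is deeper than one subdomain level, needs its own certificate"
    return "proxied: covered by the Cloudflare certificate"

# Constructed sample records: (hostname, zone, resolved A records).
# 203.0.113.10 is a documentation address standing in for an origin server.
SAMPLES = [
    ("www.example.com", "example.com", ["104.16.132.229", "172.67.1.1"]),
    ("shop.example.com", "example.com", ["203.0.113.10"]),
    ("dev.www.example.com", "example.com", ["104.16.132.229"]),
]

if __name__ == "__main__":
    for host, zone, addrs in SAMPLES:
        print(f"{host}: {diagnose(host, zone, addrs)}")
```

For a live check, pass the addresses returned by `socket.gethostbyname_ex(hostname)[2]` as the third argument to `diagnose`.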
Troubleshooting Other Cloudflare SSL Errors
Redirect loop errors or HTTP 525 or 526 errors can occur when the encryption mode currently selected in the Cloudflare SSL/TLS app is not compatible with the origin web server’s configuration. To resolve these errors, try changing the SSL/TLS encryption mode in the Cloudflare SSL/TLS app to a setting that matches how the origin server is configured.
If SSL errors only occur for hostnames not proxied to Cloudflare, proxy those hostnames through Cloudflare to ensure that they are protected by Cloudflare SSL.
Conclusion
Using Cloudflare for website security and performance is an excellent choice for website owners and web developers. Cloudflare SSL certificates can help protect against cyberattacks and data breaches. However, if you encounter a Cloudflare origin certificate not trusted error, follow the steps outlined in this article to resolve the issue. And if you encounter other Cloudflare SSL errors, be sure to consult Cloudflare’s resources and support team for assistance.