The certificate chain referenced by 'cert-url' is invalid for the signed exchange

Server IP: 185.27.134.139
Domain: REMOVED.com
Hi InfinityFree members, moderators and admin,

Today I received this message from Google Search Console as a warning for AMP pages:

The certificate chain referenced by 'cert-url' is invalid for the signed exchange.

After I contacted Cloudflare support, they told me to check this command:

curl -svo /dev/null https://newisty.com --connect-to ::185.27.134.139

Command Result

* Rebuilt URL to: https://REMOVED.com/
* Connecting to hostname: 185.27.134.139
*   Trying 185.27.134.139...
* TCP_NODELAY set
* Connected to 185.27.134.139 (185.27.134.139) port 443 (#0)
* schannel: SSL/TLS connection with newisty.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 182 bytes...
* schannel: sent initial handshake data: sent 182 bytes
* schannel: SSL/TLS connection with newisty.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with newisty.com port 443 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with newisty.com port 443
* schannel: clear security context handle

Maybe this IP is not using SSL right now, or it has expired or something (I don’t know). Can you please tell me about this issue or how to solve it?
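A Python equivalent of the `curl --connect-to` check above, added here as an example (it is not code from the thread or from Cloudflare): it handshakes directly with the origin IP while sending the site's hostname as SNI and reports whether the origin refused the handshake, presented an untrusted certificate, or completed TLS. The names `probe_origin_tls` and `start_alerting_server` are assumptions, and the local server with its 7-byte fatal alert record is a constructed stand-in for an origin that aborts the handshake.

```python
import socket
import ssl
import threading

def probe_origin_tls(origin_ip, sni_hostname, port=443, timeout=5.0):
    """TLS handshake with origin_ip while presenting sni_hostname as SNI,
    bypassing DNS and any proxy in front. Returns (status, detail)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni_hostname) as tls:
                return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Handshake reached the certificate, but it is self-signed, expired,
        # or issued for another name.
        return ("untrusted_certificate", exc.verify_message)
    except ssl.SSLError as exc:
        # Server aborted the handshake (fatal alert) or spoke no TLS at all.
        return ("handshake_failed", exc.reason or str(exc))
    except OSError as exc:
        return ("connect_failed", str(exc))

# Constructed sample: one TLS record carrying a fatal handshake_failure alert
# (content type 21, version 3.3, length 2, level 2 = fatal, description 40).
FATAL_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])

def start_alerting_server():
    """Hypothetical local stand-in for an origin that rejects every ClientHello.
    Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)            # consume the ClientHello
            conn.sendall(FATAL_ALERT)  # then abort the handshake
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_alerting_server()
    print(probe_origin_tls("127.0.0.1", "example.com", port=port))
```

An `untrusted_certificate` result from the origin is expected when it serves a self-signed certificate; `handshake_failed` means no certificate was presented at all.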

CA SSL certificates are not allowed on free hosting, you will need to use Cloudflare “Full” SSL instead.
Thanks

Thank you @Greenreader9 for your valuable reply.
After your reply, I changed SSL to Full in my Cloudflare settings, but the problem is not solved. Any more tips for this problem?

Because in order to use the “Full” setting, you need a self-signed certificate on the server. Check out this excerpt from my Cloudflare guide.

-------Set-up Cloudflare SSL-------
Setting up Cloudflare SSL is quite easy!

  1. Go to the SSL/TLS section on dash.cloudflare.com
  2. Click on the “Flexible” Setting (If you want to use the “Full” setting (which is more secure), you need to install an SSL certificate first - Video - KB article )
  3. That’s it! (If you go to “https://yoursite.com” it will no longer show the unsecured message!)


Did you mean a self-signed certificate from Cloudflare? If yes, then I am already using Cloudflare SSL.

No, you need a certificate on InfinityFree (https://app.infinityfree.net/ssls). After adding a certificate this way, you can use “Full”.
Thanks

I have installed GoGetSSL on the root domain, but I am still getting the same AMP warning from Google Search Console.

Try using Cloudflare on “Full” SSL.

I have noticed that if I use “Full” SSL on Cloudflare, my subdomain shows an error:

Error 525

SSL handshake failed

and the previous warning still persists.

Wait, you said before that you switched it to “Full”, now it’s not working?

Have you followed this guide? Let's Encrypt is the better SSL option, and should be working just fine. Remember to add the records in the right spot. (IF control panel if on epizy nameservers and in Cloudflare if using Cloudflare nameservers.)

Yeah, I had followed your guide.

Now I have installed Let's Encrypt on my root domain and subdomain.
After testing in Google Search Console, the problem validation has been started.

Now the new warning is:

The certificate chain referenced by the signed exchange ‘cert-url’ cannot be parsed.
