From b0dfa9ac19574ca2d6729b94cfcb28f04486ce80 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Fri, 18 Apr 2025 13:56:13 +0200 Subject: [PATCH 1/3] [SSL] Update troubleshooting.mdx --- .../origin-ca/troubleshooting.mdx | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx index bcecfeda114068..beb825e29ab545 100644 --- a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx +++ b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx @@ -42,4 +42,23 @@ Apache cPanel requires that you upload the Cloudflare origin CA root certificate ### Solution Use the following link to download an RSA version of the root certificate and upload it to your origin web server: -* [Cloudflare Origin RSA PEM](/ssl/static/origin_ca_rsa_root.pem) \ No newline at end of file +* [Cloudflare Origin RSA PEM](/ssl/static/origin_ca_rsa_root.pem) + +## Error message `Failed to validate requested hostname : This zone is either not part of your account, or you do not have access to it` + +### Cause +This is a known issue where whilst being created on the Cloudflare Dashboard, Origin CA requires API access for the user creating the origin certificate. +If API Access is disabled for the account, this error is returned. + +### Solution +Please make sure that user creating the certificate has access to the API. +You can check under Account Home > Manage Account > Members: toggle `Enable API Access` to On. + +## Origin Server page is showing Origin CA from another zone from the account + +### Cause +This is a known issue where when the Origin Server page is opened for a zone, then for another zone, it shows the certificate from the first zone. + +### Solution +You need refresh to the page in your browser to list the correct Origin CA for the zone. + From df4bdf9ed046a9571b95067b220c2cb86dc2680a Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 22 Apr 2025 13:43:03 +0100 Subject: [PATCH 2/3] Move full API Access error to body and add solution details --- .../origin-ca/troubleshooting.mdx | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx index beb825e29ab545..aa88e0a6a931b3 100644 --- a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx +++ b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx @@ -44,15 +44,20 @@ Use the following link to download an RSA version of the root certificate and up * [Cloudflare Origin RSA PEM](/ssl/static/origin_ca_rsa_root.pem) -## Error message `Failed to validate requested hostname : This zone is either not part of your account, or you do not have access to it` +## This zone is either not part of your account, or you do not have access to it + +When trying to generate an Origin CA on the dashboard, you find the error `Failed to validate requested hostname : This zone is either not part of your account, or you do not have access to it`. ### Cause -This is a known issue where whilst being created on the Cloudflare Dashboard, Origin CA requires API access for the user creating the origin certificate. -If API Access is disabled for the account, this error is returned. +This is a known issue where, whilst being created on the Cloudflare dashboard, Origin CA requires API access for the user creating the origin certificate. +If the user does not have **API Access**, this error is returned. ### Solution -Please make sure that user creating the certificate has access to the API. -You can check under Account Home > Manage Account > Members: toggle `Enable API Access` to On. +Make sure that the user creating the certificate has access to the API. You can check under **Account Home** > **Manage Account** > **Members**: + +- The default setting for the account is specified in the card **Enable API Access**. +- Specific user API Access (which can override the default setting) is presented after selecting the user in the list of members. + ## Origin Server page is showing Origin CA from another zone from the account From ed3778cad53bba1a6ca03f34d8d194f52ef5a656 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 22 Apr 2025 13:51:59 +0100 Subject: [PATCH 3/3] Slight text adjustments to refresh error --- .../ssl/origin-configuration/origin-ca/troubleshooting.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx index aa88e0a6a931b3..ac8366725606b5 100644 --- a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx +++ b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx @@ -58,12 +58,11 @@ Make sure that the user creating the certificate has access to the API. You can - The default setting for the account is specified in the card **Enable API Access**. - Specific user API Access (which can override the default setting) is presented after selecting the user in the list of members. - -## Origin Server page is showing Origin CA from another zone from the account +## Origin Server page displays origin certificates for another zone in the account ### Cause -This is a known issue where when the Origin Server page is opened for a zone, then for another zone, it shows the certificate from the first zone. +This is a known issue where, when the Origin Server page is opened for different zones in sequence, it displays the certificates from the first zone. ### Solution -You need refresh to the page in your browser to list the correct Origin CA for the zone. +Refresh the page in your browser to get the correct origin certificates list for current zone.