Installing Cloudflare Origin CA as custom certificate

Hi,
I’ve been trying to install a Cloudflare Origin CA certificate for my website as custom domain as I use Cloudflare upfront on my domain name, however it just says it’s not PEM formatted OR it says it’s not the correct private key, and I don’t know why. I do choose the PEM format and these also work fine on a test Nginx instance I spun up on my computer. I generate those from the web UI on the Cloudflare Dashboard though…

  • My website name is remy.netlify.app
  • My custom domain is remy.codes

If you use Cloudflare on your domain, doesn’t it automatically generate an SSL and use it? As I’m seeing now, your website is loading over SSL provided by Cloudflare, so is there any specific reason why you need to set up the SSL in Netlify?

Fair point. The certificate should easily work. It doesn’t really need a lot of configuration. In any case, a support engineer would take up your case soon.

@adjunct Welcome to the Netlify community.

You seem not to have a CNAME for your www custom subdomain, and you also seem to have DNSSEC turned on at Cloudflare, which doesn’t work with Netlify.

|==================== whois check for DNSSEC ====================
| --------------------- should be unsigned ----------------------
DNSSEC: signedDelegation
DNSSEC: unSigned 
|================================================================

Hi,

I can confirm. We have the same issue for Cloudflare Origin Certificate. For one of our projects it works fine to set up the custom cert. But for all other projects it says repeatedly “Private key did not match certificate” which is definitely not the case.

Website: sevdesk-website-es.netlify.app
Custom Domain: sevdesk.es

I just tried to use the safer CSR generation method to obtain a Cloudflare Origin CA certificate, but no success here either. Netlify simply doesn’t want to install the certificate.
“Private key did not match the certificate”.

Looks like the issue is being addressed currently.

I suppose we’ll wait for future developments

Hey there @adjunct and @Kermin,

This is being looked into by one of our teams! We will follow up on this thread when we have any developments.

Thank you for your patience!

We’ve shipped a fix for this. :tada: Could you please try it again and let us know how it goes?

It works fine now! :partying_face:

Hi, @adjunct. Thank you for both reporting the issue and for confirming it is working now. Both help us to improve our service and we appreciate you taking the time to follow up with us.

If there are other questions or concerns, please let us know.