I’ve just fallen prey to this:
Cloudflare has detected that your configuration is using our Authenticated Origin Pulls feature. Recently, we renewed the certificate that our edge network presents to your origin due to the upcoming expiration of the current certificate on January 11, 2020 .
To ensure uninterrupted service, you need to update your origin server to authenticate with the new authenticated origin pull certificate anytime before January 11, 2020 .
A site has gone down with a 400 Bad Request because the Origin Pull Certificate expired today. I’ve supplied my hosts with the updated origin-pull.ca.pem file and pointed them to the Apache/NGNIX settings they need to add to update the certificate.
But my hosts arer being criminally slow. In a bid to get the site back online, I quickly disabled the SSL/TLS > Origin Server > Authenticated Origin Pulls option. And I lowered my encryption mode from Full (Strict) to Full.
However the site is still displaying a 400 Bad Request. Is that normal behaviour? Surely I’m telling CF to ignore the CF Origin Pull Certificate on the origin server, while my hosts get their act together.