ACM question

Hello there,

I recently started using the Advanced Certificate Manager with my Cloudflare subscription. I was just wondering if I need to keep buying access to the ACM if I don’t need to generate anymore certificates. I only need 1 certificate which covers the whole of my website, which I have. Does my certificate stay active until it expires even if I cancel my ACM subscription?

Many Thanks.

Hi @luckvintage,

It depends on the certificate you have and are using. If you need any certificate other than the universal wildcard one, you still need ACM. I don’t believe you will keep the custom certificates issued if you cancel the plan, once the current billing period has elapsed, but perhaps @simon or someone else could confirm that.

Hi there!

Thank you very much for your reply, much appreciated.

I am only interested in using the universal wildcard that covers the root of my domain and all subdomains, after this certificate has been generated I do not need to generate anymore until this certificate expires in 1 year time.

I was just thinking about this because the subscription itself for the ACM allows access to the certificate manager and if I no longer need to use the certificate manager to generate certificates I was thinking the certificates generated might stay. Hopefully someone could confirm this.

Thank you!

Can you post a screenshot of the edge certificates issued under SSL/TLS > Edge Certificates? If you only need the root domain and first level subdomain, it sounds as though you don’t need anything other than the free universal certificate, anyway.

Here is the screenshot as requested. I am currently using the top SSL Certificate, issued by Let’s Encrypt.

The only reason I am using a dedicated certificate is because I wanted a certificate issued directly to my domain compared the cloudflare universal SSL where the certificate isn’t issued directly to my domain.

Oh, I see. So you just have that for the common name on the cert, not because you need any additional hostnames covered.

I expect that would disappear if you cancelled ACM, but I’m not sure.

I would expect the certificate to disappear if the ACM was cancelled too. I will run a test and cancel my ACM and let you know what happens!

Thanks.

1 Like

You can always wait and see if a staff member responds here before you cancel it, but please do let us know what happens if you do. No problem!

Tagging @simon @cloonan @cs-cf

1 Like

Good idea, I’ll wait and hopefully a staff member can shed some light on this. Thanks again for your help! Much appreciated.

1 Like

Not 100% sure on the answer here, but asking our SSL team to confirm.

2 Likes

Thanks, @simon.

1 Like

So the intention here is you must keep your ACM subscription running to keep your certificate. Right now, we do not remove/revoke the certs when you cancel - but there is work tracked internally to make this behaviour consistent.

Thus - I would not recommend you rely on keeping the cert if you cancel - at some point in the future the cert will be yoinked from under you when we fix the issue.

Of course you do have a Universal SSL cert there always as your backup, but it won’t be like for like the same as your ACM cert.

5 Likes

Hi Simon,

Thank you very much for clearing that up. In that case I’ll keep my ACM subscription running. :grinning:

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.