Certificate for proxied site expiring in 14 days

The certificate for one of my domains, www.dazzit.com, is expiring in less than two weeks, on 21 Jun.

Cloudflare is serving the apex of the domain directly.

The www name is proxied.

I’m not sure where the 21 Jun date is coming from? The Universal certificate for the domain expires on 7 Sep.

Today I tried turning Universal SSL off and then back on. That didn’t seem to fix the problem, so I tried turning proxying off and then back on. That didn’t fix the problem either.

Btw, when I turned Universal SSL off and then back on, the pending certificate asked me to add an _acme-challenge TXT record. I did, and the status changed from pending to active.

I got an email asking me to add an _acme-challenge.www TXT record many weeks ago, on 21 May. While investigating the problem this weekend I discovered that I had missed the first two letters of the challenge, “Y-”, because the challenge key wrapped; those letters were on the previous line, and the rest of the challenge was on the next line.

That’s almost certainly where the problem started. I’m just not sure what else I should do to fix it?

Also: I deleted the old _acme-challenge.www (but not the new _acme-challenge) TXT record, on the assumption that _acme-challenge.www challenge became invalid once I toggled Universal SSL.

What else can I try?

I found the problem.

www is now proxied to an origin server, but it was once a Pages site.

I still had the Pages project, and www was still listed in that project as a Custom Domain. (It was Inactive, with a Reactivate button.)

Somehow, even though www was successfully being served from elsewhere, Pages still controlled the www certificate.

I deleted the Custom Domain from Pages, and within a second or so www switched to the Universal SSL certificate.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.