CF shared certificate not working?

  1. Our webserver used to use SSL via Let’s Encrypt which is integrated into our hosting provider.
  2. I set up SSL in STRICT mode in Cloudflare
  3. I created Origin Server certificates and uploaded them to our webserver and enabled the new CF SSL certificate for our domain.

Issue: Even 1 week later now, the lock icon in my browser still shows the old certificate. I have tried multiple browsers, cleaning cache in CF, webserver and in the browser.
I have texted a lot with our support from the hosting company - but they keep saying they can’t do anything about it and that I have to speak to CF. I messaged CF 5 days ago - but still no response?

Anybody in here have a slight clue what is going on - and would be able to point me in the right direction?

Cloudflare is not a certificate authority, they issue certificates through partners such as Let’s Encrypt for the edge certificate. The origin cert secures communication between Cloudflare and your origin and is not visible to users. Looks like it is working.

Thank you so much friend for making me understand this. But in case I like to use the generated CF certificates (the same as I uploaded to my hosting provider) - then what do I do (I’m currently on a CF PRO subscription at 20$/month)?

That certificate is generated by Cloudflare and is not a trusted certificate by anything other than Cloudflare’s edge. If you connect directly to your origin, you will receive a warning that the certificate is not trusted. It’s not possible to use that certificate as a client-facing certificate on Cloudflare’s edge.
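What the answer above describes, as an added example that is not part of the original thread: a certificate signed by a private CA verifies only for a client that trusts that CA. The CA name `origin-ca-demo` and the host `example.test` are constructed stand-ins, not Cloudflare's actual Origin CA.

```shell
#!/bin/sh
# Constructed demo: a throwaway private CA stands in for the CA that signs
# origin certificates. origin-ca-demo and example.test are made-up names.

# make_demo_pki DIR: create the private CA and a leaf cert for example.test.
make_demo_pki() {
  d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=origin-ca-demo" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  printf 'subjectAltName=DNS:example.test\n' > "$d/san.ext"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/leaf.pem" 2>/dev/null
}

# verify_leaf DIR MODE: print "trusted" or "untrusted" for the leaf cert.
#   public = default system trust store only (a visitor connecting directly)
#   pinned = verifier that also trusts the private CA (the proxy's position)
verify_leaf() {
  d="$1"
  case "$2" in
    public) set -- ;;
    pinned) set -- -CAfile "$d/ca.pem" ;;
    *) return 2 ;;
  esac
  if openssl verify "$@" -verify_hostname example.test "$d/leaf.pem" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

# leaf_issuer DIR: print the issuer line of the leaf certificate.
leaf_issuer() { openssl x509 -in "$1/leaf.pem" -noout -issuer; }

# Run the demo in a temporary directory and clean up afterwards.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" && {
  leaf_issuer "$demo_dir"
  echo "direct client, public trust store: $(verify_leaf "$demo_dir" public)"
  echo "proxy that trusts the origin CA:   $(verify_leaf "$demo_dir" pinned)"
}
rm -rf "$demo_dir"
```

To see which issuer a live site presents to visitors, `openssl s_client -connect <host>:443 -servername <host> </dev/null` piped into `openssl x509 -noout -issuer` prints the edge certificate's issuer.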

  1. Okay I understand - but most sites which are using CF are showing a “…” certificate in the browser - how is their setup different from mine then?

  2. Just to be 100% sure that I understand you. My current setup is 100% encrypted from client <–> CF <–> Origin Server, right?

  3. Can I enhance the security of my current setup by using another configuration/other certificates or similar? Or is it only a matter of what name is presented to the user of our site in the browser?

Cloudflare uses multiple certificate authorities. The details of the certificates vary slightly in format, but not in function.

You’ve indicated you are using Full Strict so yes.

There is no functional difference between a certificate issued by Let’s Encrypt vs. Digicert vs. %other CA% with regards to certificates issued on Cloudflare’s edge as part of a Universal SSL config. There are other certificates which one could upload such as an EV certificate which some vendors make claims about improved security but those are dubious at best.

I see - but is it just random that our certificate is from Let’s Encrypt, or is it something I can select/specify somewhere in CF?

