CF warns me to switch from 'Let's Encrypt' to 'Google Trust Services'

What is the name of the domain?

example.com

What is the error message?

Recently, I received an email from Cloudflare warning me about a compatibility issue of my SSL certificates, warning me to switch from ‘Let’s Encrypt’ to ‘Google Trust Services’

What is the issue you’re encountering

I do not know which steps I must take

What steps have you taken to resolve the issue?

In my origin server: Leave the certificates (“Let’s Encrypt”) unchanged

What are the steps to reproduce the issue?

As far as I understand, I must take the following two steps:

  1. In my origin server: Leave the certificates (“Let’s Encrypt”) unchanged, since they are working fine (is this step ok or must I re-issue them on the origin server?)
  2. In Cloudflare Dashboard: “re-issue” all advanced certificates (Edge Certificates - “Order Advanced Certificates” - select “Google Trust Services” as my CA)

I would appreciate any help if I am right with the mentioned two steps.

May I ask if you’re using free or paid plan?
Furthermore, may I ask if you are usimg and paying an Advanced Certificate Manager feature or just Universal SSL “as-is” free?
Are you using SSL for SaaS?

As per documentation:

Universal certificates will be automatically switched to a more compatible certificate authority (CA). You do not have to take any action to prepare for this change.

A similar one like below one or? :thinking:

If supporting client devices with outdated operating systems, like Android 7.0 or earlier, is considered not important for hosted websites/customers, then no actions should be made. Something similar in past was done since before due to the chain rotation or expiring (2021 as I remember).

From my understanding, after Sept, 30, LE certificates will sign with new chain automatically, my best guess. Since I am being curious, I’ll leave it “as-is” to see what happens. However, don’t take my opinion as the solution, since it might not apply to everyone.

Source link:

LE link:

Hi,

Thank you very much for your message.

I’m subscribed to the ‘Pro Plan’ and the ‘Advanced Certificate Manager’. And yes, that is the email I received. Sorry for not mentioning it, but there is a limit for the characters in the discussion forum :-/

I considered also to leave it unchanged to see what happens with that “outdated operating systems”.

I will check the provided links. Thank you very much again! :slight_smile:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.