Recently, I received an email from Cloudflare warning me about a compatibility issue of my SSL certificates, warning me to switch from ‘Let’s Encrypt’ to ‘Google Trust Services’
What is the issue you’re encountering
I do not know which steps I must take
What steps have you taken to resolve the issue?
In my origin server: Leave the certificates (“Let’s Encrypt”) unchanged
What are the steps to reproduce the issue?
As far as I understand, I must take the following two steps:
In my origin server: Leave the certificates (“Let’s Encrypt”) unchanged, since they are working fine (is this step ok or must I re-issue them on the origin server?)
In Cloudflare Dashboard: “re-issue” all advanced certificates (Edge Certificates - “Order Advanced Certificates” - select “Google Trust Services” as my CA)
I would appreciate any help if I am right with the mentioned two steps.
May I ask if you’re using free or paid plan?
Furthermore, may I ask if you are usimg and paying an Advanced Certificate Manager feature or just Universal SSL “as-is” free?
Are you using SSL for SaaS?
As per documentation:
Universal certificates will be automatically switched to a more compatible certificate authority (CA). You do not have to take any action to prepare for this change.
If supporting client devices with outdated operating systems, like Android 7.0 or earlier, is considered not important for hosted websites/customers, then no actions should be made. Something similar in past was done since before due to the chain rotation or expiring (2021 as I remember).
From my understanding, after Sept, 30, LE certificates will sign with new chain automatically, my best guess. Since I am being curious, I’ll leave it “as-is” to see what happens. However, don’t take my opinion as the solution, since it might not apply to everyone.
I’m subscribed to the ‘Pro Plan’ and the ‘Advanced Certificate Manager’. And yes, that is the email I received. Sorry for not mentioning it, but there is a limit for the characters in the discussion forum :-/
I considered also to leave it unchanged to see what happens with that “outdated operating systems”.
I will check the provided links. Thank you very much again!