Changes to Universal certificates and Total TLS

1. So Cloudflare will stop using DigiCert as an issuing certificate authority (CA) for new Universal certificates.
Read here:

Question: Which Certificate Authority will Cloudflare migrate to? There is no explanation for that.

2. I see that Cloudflare now has a new Total TLS option where you can choose CA from Let’s Encrypt or Google Trust Services

Question: For Total TLS, you need to purchase Advanced Certificate Manager. However, Let’s Encrypt is free. Why is Cloudflare asking us to purchase a subscription for a free SSL certificate?
Most hosting services issue a free Let’s Encrypt certificate now. Why can’t we just use something like that on Cloudflare?

Universal SSL has always been load balanced between the available CAs - it doesn’t really matter which your certificate goes to.

Because Cloudflare is a business - or more specifically, Total TLS is just an automation of what’s already possible with ACM so you’d naturally need ACM.

The other benefits of ACM are listed here:

You’re free to continue using a free certificate if you don’t need Total TLS or ACM.

2 Likes

To be clear, Cloudflare will continue to provide Let’s Encrypt and Google certificates for free in the same way they did before.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.