Cloudflare Certificates are now picked instead of AWS

We have a Universal Type certificate for * in Cloudflare.
Also, we have another certificate provisioned for in AWS via ACM.

Now, before today, all the requests to were pointing to AWS certificates (chain), but since today, all the requests to the same URL are now picking up the Cloudflare certificates (chain). We have no idea why this is happening. No configuration was done on either AWS or Cloudflare from our side.

The only thing that we see is that the Universal certificate was renewed today, but that doesn’t tell us if that’s the cause of this problem or the effect of it. The reason I am raising this issue is that we have SSL Pinning enabled for our Android Application, and we had AWS Certificates pinned for the last 1 year, and now, since Cloudflare certificates are being picked, pinning is failing.
Any help would be appreciated.


Are you sure you ordered an Advanced Certificate with AWS? I’ve never seen that as an option:

Apologies for the confusion, but when I say ACM, I mean AWS Certificate Manager, not Cloudflare’s Advanced CM. Basically hitting should have given certificates configured in AWS but it gave the certificate for * which is configured in Cloudflare.

Has been switched from “DNS only” to “proxied” by mistake?


Yes, it is proxied, but that was done 6-7 months ago; we should have faced this much earlier than today.

If it was proxied for that long, queries for that host would have only been able to see the Cloudflare edge certificate. You’ll need to check if the application is actually querying that name, or falling back to an IP address or something else, like a redirect or a direct-to-AWS link, that meant it was bypassing the Cloudflare proxy.

(I assume you have Universal SSL and haven’t uploaded your own certificate to the Cloudflare edge?)

What is the domain and subdomain?
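
Added example, not part of the thread: one way to run the check suggested above, fetching the leaf certificate through the public hostname and directly from the origin, then comparing each SPKI SHA-256 pin with the app's pin set. It assumes the app pins the leaf's SubjectPublicKeyInfo hash; the host names in the usage comment are hypothetical.

```python
import base64
import hashlib
import socket
import ssl


def _read_tlv(der, offset):
    """Return (tag, value_start, value_end) of the DER element at offset."""
    if offset + 2 > len(der):
        raise ValueError("truncated DER element")
    tag, length, start = der[offset], der[offset + 1], offset + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(der[start:start + n], "big")
        start += n
    if start + length > len(der):
        raise ValueError("truncated DER element")
    return tag, start, start + length


def spki_pin(cert_der):
    """Base64 SHA-256 of the certificate's SubjectPublicKeyInfo."""
    _, pos, _ = _read_tlv(cert_der, 0)        # Certificate SEQUENCE
    _, pos, _ = _read_tlv(cert_der, pos)      # TBSCertificate SEQUENCE
    tag, _, end = _read_tlv(cert_der, pos)
    if tag == 0xA0:                           # optional [0] version field
        pos = end
    for _field in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, end = _read_tlv(cert_der, pos)    # SubjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()


def fetch_leaf_der(connect_to, sni_name, port=443, timeout=5.0):
    """Leaf certificate presented at connect_to when sni_name is sent as SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only, never for app traffic
    with socket.create_connection((connect_to, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert(binary_form=True)


def pin_report(pinned, leaf_by_path):
    """For each path label, return (leaf pin, True if that pin is pinned)."""
    return {label: (spki_pin(der), spki_pin(der) in pinned)
            for label, der in leaf_by_path.items()}

# Usage (hypothetical names): pin_report(app_pins, {
#   "via public DNS": fetch_leaf_der("app.example.com", "app.example.com"),
#   "direct to origin": fetch_leaf_der("origin-lb.example.net", "app.example.com")})
```

If only the direct-to-origin path matches the pin set, the app's traffic was reaching AWS without passing through the proxy at some point, which is the bypass the reply describes.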


