Cloudflare proxy

Hi, I have a CA SSL cert on my origin server that is about to expire. I’ve been using Cloudflare proxy for a while for that domain. My question is: what happens when that certificate on my server expires? Will it affect the proxy in any way? Does it care whether the certificate is valid or not?

It depends on the encryption mode you have set in the Cloudflare dashboard under “SSL/TLS”.

You will receive a 526 error. And yes, you do need a valid certificate on your server. Check out Cloudflare’s Origin certificates.

I have Full mode set. From the doc you sent me: “The certificate presented by the origin will not be validated in any way. It can be expired, self-signed, or not even have a matching CN/SAN entry for the hostname requested.” I guess that answers my question, an expired cert should be just fine.

Then you have an insecure mode and should switch to Full Strict and fix your certificate as well.

Thanks sandro. I will pass it on to our DevOps team

You have the full details at “Why you should choose Full Strict, and only Full Strict”, and also the proper steps to fix it.
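The difference between the two modes discussed in this thread, as an added example that is not part of any post above and is not Cloudflare's code: it runs the checks a strict validator applies (validity dates, SAN match, self-signed) over a certificate in the dict format of Python's `ssl.SSLSocket.getpeercert()`, then models Full as ignoring the findings and Full (Strict) as answering 526. The sample certificate, hostnames and function names are constructed for illustration, and chain trust (public CA or Cloudflare Origin CA) is not modelled beyond the self-signed check.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "origin.example.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "origin.example.com"), ("DNS", "*.example.com")),
}

def _san_matches(pattern, hostname):
    """Match one DNS SAN entry; a wildcard covers exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname

def strict_findings(cert, hostname, now):
    """Return the reasons this certificate would fail strict validation."""
    findings = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_san_matches(p, hostname) for p in sans):
        findings.append("hostname mismatch")
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed")
    return findings

def proxy_outcome(mode, cert, hostname, now):
    """Model of the thread's two modes: 'full' ignores findings, 'strict' returns 526."""
    findings = strict_findings(cert, hostname, now)
    # None means no certificate error from the proxy; the request goes to the origin.
    return (526 if mode == "strict" and findings else None), findings

if __name__ == "__main__":
    after_expiry = datetime(2025, 2, 1, tzinfo=timezone.utc)
    for mode in ("full", "strict"):
        print(mode, proxy_outcome(mode, SAMPLE_CERT, "origin.example.com", after_expiry))
```

Under Full the expired certificate produces no error, which is why the expiry goes unnoticed there; the findings list is what to alert on before switching to Full (Strict).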

