Cloudflare SSL vs Let's Encrypt SSL


I’ve just set up a bunch of domains (all hosted on the same server) to route via Cloudflare (free), but now when browsing to those sites, I’ve just noticed that some are using Cloudflare’s own “Cloudflare SNI SSL” and others are using Let’s Encrypt SSL. Why has Cloudflare assigned some in this way, but others not?

All of the domains have their own proper SSL cert installed on the server itself (from an actual CA, not just LE) and all of the SSL settings within Cloudflare are set to the same (the default settings). However, I can’t seem to find any info on why some are being secured differently. Is there a setting I’m missing somewhere?


They’re randomly assigned, and one is just as secure as the other. If nothing’s broken, as some LE certs were recently for certain devices, you can disregard the difference.

But if you really want, you can switch via the API:


Thanks - I brought this up as we had someone trying to access one of the LE-based sites earlier and Safari (macOS) was giving the error “This Certificate is not valid (expired root)” even though the certificate date is in 3 months’ time; however, my own Safari (also macOS) is working fine. They might be using an older (unsupported) Safari/macOS, although I don’t have that info at this point.

Is this because of the recent root cert issues two weeks ago? Or should they have been fixed by now?

