Cloudflare use some different ssl certificate

Hello guys,

I have a trouble with expiring ssl certificate. I can’t find this certificate in cloudflare admin. I have only “Edge” and “Origin” certificates.
For the main domain enabled strict ssl/tls mode.

Any ideas where I can find this expiring ssl certificate ?

Thanks.

Most likely on your webserver. Check your server configuration and its certificate and renew it if necessary. You can also look into Cloudflare’s Origin certificates, as they can have a longer validity, if you prefer that.

Now at the server side configured the “Origin” certificate from cloudflare. But in browser shown completely different cert.

The browser will show the proxy certificate and that’s managed by Cloudflare. The Origin certificate is managed by you and needs to be renewed.

No, the problem is that in my browser shown the expiring certificate that I can’t find in my systems(clodflare/server/lb).

What domain is it?

Which plan level are you on?

Your proxy certificate does expire in two days, but works currently perfectly fine. Did you check your date already?

We are using “Professional Plan”.

Yes it is expire in two days, and I want to change it today, but as I mentioned before, I can’t change this cert. to cert. issued by cloudflare.
Because I can’t find it anywhere.

So there’s no issue with certificate in the first place?

The proxy certificates are managed by Cloudflare and will be renewed whenever necessary. You don’t need to do anything.

Sorry, but how do you know that this certificate is managed by cloudflare?

Or do you mean that when it expires, cloudflare sets up its own certificate instead of it?

Ehm, because proxy certificates are always managed by Cloudflare, unless you provided your own and that would require a Business plan, which you do not have.

Post a screenshot of https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates.

Just to clarify, in my case, cloudflare manage certificate that was issued by Global Sign. And it will be changed to issued by cloudflare certificate in two days, am I right ?
I just afraid that I don’t see this certificate in cloudflare admin.

Yes, sorry.

All right, that’s a bit odd then.

For starters, I’d assume the Universal certificate will take effect when your current certificate expires.

Nonetheless, was your domain active on any other service before which is a partner of Cloudflare? In that case their certificate could still be active. You didn’t use a Business plan either, right?

No, we didn’t have Business plan.
As I know this domain was placed at Cloudflare(last few years).
But until the end of the 2020 year it used Shopify to sell products.

Well, the certificate was issued in 2020, so I wouldn’t be surprised if that was still tied to them. Such integrations often leave behind some relicts.

Still, you do appear to have a valid Universal certificate in place right now, so my assumption would be that should just switch over then.

What you could try is to switch certificate authority. That would re-issue a new certificate and might just replace the current one. For that can use the undocumented certificate_authority field of the Cloudflare API v4 Documentation call.

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/[zone_id]/ssl/universal/settings" \
     -H "Content-Type: application/json" \
     -H "X-Auth-Email: [YOUR-EMAIL-ADDRESS]" \
     -H "X-Auth-Key: [YOUR-GLOBAL-API-KEY]" \
     --data '{"certificate_authority": "digicert"}'

I’ve just tried to made this call but looks like it isn’t help.