Cloudflare won't replace Let's Encrypt SSL after moving site to Cloudflare

I’ve moved few sites to Cloudflare but newer had this type of problem.

Before moving site to Cloudflare, Let’s Encrypt SSL was on site. After moving to CF Let’s Encrypt stays on site and in SSL/TLS under Edge certificates is a universal certificate Let’s Encrypt. I was expecting that after moving into Cloudflare name servers it will be Cloudflare universal auto-renewed not that Cloudflare auto-renews Let’s Encrypt.
If I delete Let’s Encrypt from my server should Cloudflare automatically set his own auto-renewed SSL?

I am using Full SSL option.

No, they will be actually different certificates, Cloudflare will update their own managed Let’s Encrypt cert and you should continue to update your server’s (or substitute it with one of the free, but longer lasting Origin Certificates from Cloudflare).

If the config is what you say, you should set it to Full (Strict), which is better as they validate the origin one.

1 Like

So you say, after installing Origin CA certificate on server, and switching to Full(strict) SSL, Let’s Encrypt certificate will be replaced with Cloudflare-s certificate?

No, it will not. It will remain a Let’s Encrypt one, managed by Cloudflare. What would be the difference to you?

1 Like

To me no difference but to owner of site there will be difference. That is the problem.
I need Cloudflare auto-renewed certificate on Edge certificates.

Why will there be a difference? The Let’s Encrypt cert that Cloudflare puts there is perfectly valid and functionally identical to the other. They just use one or the other at random.

1 Like

In browser info about certificate will be Let’s Encrypt but let’s say that client paid for Cloudflare. That would be problem because a lot of clients don’t have understanding for that sort of things.

Then explain that to them. This is not Cloudflare’s problem. If you really want to chose pay 10$/month and you can choose at will with the advanced certificate manager.

3 Likes

So there is no way to replace Let’s Encrypt on Edge side with Cloudflare certificate?

Maybe if I disable universal certificate it will set Cloudflare certificate on enabling?

Yes.


1 Like

Cloudflare is not a certificate authority. Any cert Cloudflare deploys to it’s edge will be issued by a CA partner.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.