What is the domain name?
[type or paste code here](http://www.paradiseretreats.com)
Have you searched for an answer?
Describe the issue you are having:
When DNS proxy is applied to www subdomain, an expiring SSL certificate (4 days left) is provided by Cloudflare. The Universal SSL certificate was renewed today and is not expiring. The Let’s Encrypt SSL certificate on the server (covers www, stage and naked domain) was renewed today and is not expiring. When DNS proxy is turned off, the correct certificate on the server is used. This certificate has 89 days left. The naked domain and stage subdomain are showing 89 days left on the certificate when DNS proxy is enabled for them. Why is Cloudflare serving the wrong certificate for this specific sub domain(www)? Certificate tests preformed with SSL Labs and Nagios.
SSL Labs www
SSL Labs naked domain
What steps have you taken to resolve the issue?
- Force renewed Let’s Encrypt certificate on the server
- Disabled and reenabled Universal SSL in Cloudflare to issue new certificate
- Tested with and without DNS proxy. Confirmed that only a single subdomain is affected.
Was the site working with SSL prior to adding it to Cloudflare?
Have you tried from another browser and/or incognito mode?