Download wildcard Universal SSL Certificate for my domain name

Hi Team - We have our DNS hosted on Cloudflare and it provides the free universal SSL certificate which is the wildcard certificate and I can see that whenever I try to visit my website. but I want to download the universal SSL certificate so that I can use the same cert on my other servers, b/c it’s the wildcard cert. do let me know if there is a way I can download the universal SSL cert. as I don’t want to generate a new one from the same let’s encrypt authority.

Thank you.

That’s an edge certificate. You cannot download edge certificates. If you need a certificate for your server, you can either use LetsEncrypt on your server (you can generate wildcard certificates using DNS-based authentication) or you can generate an Origin Certificate through Cloudflare to put on your server. Cloudflare’s origin certificates are trusted by Cloudflare’s proxy but NOT trusted by browsers and thus are only usable when traffic is proxied through Cloudflare. If you ever need to unproxy the traffic you’ll have a problem. But they’re 15-year expiration so that’s nice.

1 Like

Thanks a lot for the quick response. I think I will need to request the new wildcard SSL for my other servers. Will I be facing any problem requesting a new wildcard from letsencrypt as they have already issued one wildcard SSL that is being used on proxied connections?

Nah it’s fine, there are some rate limits on LetsEncrypt but they are quite generous, 50 certificates per week per domain, dropping to 5/week for “duplicate” certificates (completely identical). You’re very unlikely to run into any issues.

Using LetsEncrypt / certbot on your server you can easily create a single certificate for all your domains including wildcard subdomains for all of them.

This is how I do (this requires the “certbot-dns-Cloudflare” plugin which can be installed via snap):

certbot certonly --key-type ecdsa --elliptic-curve=secp384r1 --must-staple --dns-cloudflare --dns-cloudflare-credentials ~/cloudflare.ini -d example.com -d *.example.com -d example.net -d *.example.net

Just throw all your domains on there, you can have 100 “names” on a certificate so if also using a wildcard subdomain for each that’d cover 50 total domains.

Cloudflare.ini needs to contain an API key with “Edit zone DNS” permission; you’ll need to go into your Cloudflare profile to generate the token

dns_cloudflare_api_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
1 Like