Edge Cert in "deleted" status, can't fix

i wasn’t using the free universal edge cert, lost track of it and couldn’t figure out how to download it again, because there isn’t any link on Cloudflare to do that, so i deleted it with the hope of creating a new one.

now the curl -x patch fix isn’t working, despite giving a success message:
More? --data "{\"certificate_authority\":\"digicert\"}"
{"result":{"enabled":true,"certificate_authority":"digicert"},"success":true,"errors":[],"messages":[]}

dragracingtvDOTcom

You shouldn’t need to download the Edge Certificate.

Cloudflare will automatically use the Edge Certificate when serving (proxied :orange:) requests. You may be thinking of an Origin Certificate (which you should install on your origin server)?

If you toggle off Universal SSL through the dashboard and then toggle it back on, it should generate a new edge certificate.

but yeah you can’t download edge certs

i think that it started because i got the free edge cert mixed up with imported ssl certs for the paid plans, which can be deleted, then yeah i got it confused with the origin cert.

i toggled it in the dashboard, so far it’s not coming back.

You said you tried to fix via the API already, do you mean like this?

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/ssl/universal/settings" -H "Content-Type:application/json" -H "X-Auth-Key:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -H "X-Auth-Email:[email protected]" --data '{"certificate_authority": "digicert"}' 

Try letsencrypt instead of digicert, changing it this way should trigger generation of a new certificate

yes, the curl -x patch didn’t work despite running successfully, i tried it twice.

i thought that we can’t use 3rd-party ssl certs with the free Cloudflare plan? maybe i need to do some more research.

The Let’s Encrypt that user4358 is referring to there is still automatic: Cloudflare will generate a Let’s Encrypt certificate for you (instead of Digicert).

that tip does work on the base url, thx for posting it.

the subdomain.domain however is not secure, but i never tried that before, and it might also be a dns issue.

the previous api post was giving “unmatched close/brace bracket” errors, but this works, although some of the slashes aren’t transferring over to this post:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{xxxxxxxxxxxxxxxxxxxxxxxxxxxx}/ssl/universal/settings" ^
-H "X-Auth-Email: [email protected]" ^
-H "X-Auth-Key: xxxxxxxxxxxxxxxxxxxxxx" ^
-H "Content-Type: application/json" ^
--data "{\"certificate_authority\":\"lets_encrypt\"}"

What subdomain? Universal SSL certificates should cover example.com and *.example.com so all one-level subdomains should be good to go. Multi-level subdomains like a.b.example.com won’t work with Universal SSL certificates. They can be accommodated by Advanced Certificate Manager – not every possible subdomain because multi-wildcards like *.*.example.com still aren’t allowed but wildcards like *.b.example.com or a.*.example.com can be added.
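
The coverage rule described in the post above, worked through as an added example (not part of the thread and not Cloudflare's code). The function names and sample hostnames are assumptions, and only a left-most wildcard label is handled.

```python
# Added example: which hostnames a Universal SSL certificate covers, using the
# rule stated in the thread (apex plus one wildcard level). Names are hypothetical.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def san_matches(san: str, host: str) -> bool:
    """True if one certificate name (SAN) covers host.

    A left-most "*" stands for exactly one label, so *.example.com covers
    a.example.com but neither example.com nor a.b.example.com.
    Wildcards in any other position are not handled and never match here.
    """
    s, h = _labels(san), _labels(host)
    if len(s) != len(h) or "" in h:
        return False
    if s[0] == "*":
        return len(s) > 2 and "*" not in s[1:] and s[1:] == h[1:]
    return "*" not in s and s == h


def universal_sans(zone: str) -> list[str]:
    """Names the thread says a Universal SSL certificate covers."""
    apex = ".".join(_labels(zone))
    return [apex, "*." + apex]


def coverage(zone: str, host: str) -> str:
    """Return 'universal', 'outside-zone', 'invalid', or the extra wildcard
    name a deeper subdomain would need (per the thread, added through
    Advanced Certificate Manager)."""
    z, h = _labels(zone), _labels(host)
    if "" in h:
        return "invalid"
    if h[-len(z):] != z:
        return "outside-zone"
    if any(san_matches(s, host) for s in universal_sans(zone)):
        return "universal"
    return "*." + ".".join(h[1:])


if __name__ == "__main__":
    # Constructed sample hostnames, not the zone discussed in the thread.
    for name in ("example.com", "www.example.com", "a.b.example.com",
                 "WWW.Example.COM.", "example.org"):
        print(f"{name:20} -> {coverage('example.com', name)}")
```

A one-level name that reports `universal` here but still fails in the browser points away from hostname coverage and toward the certificate not having been issued yet or a DNS/proxy setting.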

it’s subdomain.domain.com, which should work so i think there is something else going on, possibly in part with the dns.

the browser fails with ERR_SSL_VERSION_OR_CIPHER_MISMATCH

however:
" 3. Understand how the certificate works
Certificates will only cover a single level of subdomains (*.example.com, but not *.*.example.com):