I’ve tried to look for a new certificate on the SSL section of Cloudflare.
What are the steps to reproduce the issue?
While my nginx proxy manager is able to update the edge certificate, the two files that I have (pem and crt) that I use to upload to each and every server locally to enable SSL encryption before, now no longer work because the originally generated SSL edge certificate is now expired. I went to the edge certificate SSL section to see if I can generate and download a new one, but this feature seems to not exist. Why? How do I move forward with a new cert that seems to last only 3 months before it needs to be regenerated? It seems that only my proxy manager is able to automatically generate one, but internal devices/servers that have the SSL cannot do it automatically, which makes sense because they don’t have access to the internet.
Based on a couple of things in your explanation, such as e.g. these two specific quotes, it seems like you’re confusing “Edge Certificates” (on Cloudflare), with “Origin Certificates” (on your server, origin, backend, …)?
You have never been able to download any “Edge Certificates”, however, you have been able to download “Origin Certificates” from Cloudflare, to put on your server, or alternatively, to use a publicly trusted certificate on your server.
These “Origin Certificates” from Cloudflare aren’t publicly trusted though, and will require your DNS records to have their Proxy status set to Proxied.
Hi there,
I may have “deleted” the edge certificates yesterday. But here is what I was able to download before. They are now expired so…no harm. Are these not the edge certificates?
The domain forteinnovations.work is not used publicly…must internally. That’s why you won’t see any AAA or any pointer records.
That is (rather: was) a publicly trusted certificate from Let’s Encrypt, issued as an ECDSA P-384 certificate, issued below Let’s Encrypt’s R3 intermediate.
Cloudflare’s Let’s Encrypt certificates (through Universal SSL) have always been issued as an ECDSA P-256 certificate, issued below Let’s Encrypt’s E1 intermediate.
On May 16, three certificates were issued for your domain:
1. Let’s Encrypt E1 certificate
   → May 16 20:36:53 2024 GMT
   commonName: forteinnovations.work
   Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work
2. Google Trust Services LLC
   → May 16 20:37:07 2024 GMT
   commonName: forteinnovations.work
   Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work
3. Let’s Encrypt R3 certificate
   → May 16 21:57:15 2024 GMT
   commonName: *.forteinnovations.work
   Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work
No.
#1 and #2 above appear to be “Edge Certificates” from Cloudflare, however, the one you’re having is #3.
#3 would seem to have been generated somewhere else, and NOT downloaded through Cloudflare.
It would likely have been from any of the many Let’s Encrypt scripts you’ve been running on your own server, and which had been communicating directly with Let’s Encrypt, although, one or some DNS tokens (e.g. TXT record(s) on _acme-challenge) have been required in order to request that certificate.
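
To check which kind of certificate a given .pem/.crt file is, and whether an internal server's copy is about to lapse, the issuer, key curve and expiry can be read with `openssl`. This is an added example, not part of the thread: the function names are hypothetical, and the sample certificate is a constructed self-signed P-384 one standing in for a certificate requested outside Cloudflare.

```shell
#!/bin/sh
# Print "<issuer CN>|<EC curve>|<notAfter>" for a PEM certificate file.
cert_profile() {
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 |
        sed -n 's/.*CN *= *\([^,]*\).*/\1/p')
    curve=$(openssl x509 -in "$1" -noout -text | sed -n 's/.*ASN1 OID: *//p')
    not_after=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    printf '%s|%s|%s\n' "$issuer" "$curve" "$not_after"
}

# Succeeds if the file matches the profile the thread gives for Cloudflare's
# Let's Encrypt edge certificates: issuer E1, ECDSA P-256 (prime256v1).
is_edge_profile() {
    case "$(cert_profile "$1")" in
        'E1|prime256v1|'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the certificate expires within $2 days (default 30).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Constructed sample: self-signed P-384 certificate, valid for 10 days.
make_sample() {
    dir=$(mktemp -d)
    openssl ecparam -name secp384r1 -genkey -noout -out "$dir/key.pem"
    openssl req -x509 -new -key "$dir/key.pem" -days 10 \
        -subj '/CN=constructed-sample.invalid' -out "$dir/cert.pem" 2>/dev/null
    echo "$dir/cert.pem"
}

sample=$(make_sample)
cert_profile "$sample"
is_edge_profile "$sample" || echo "not the E1 / P-256 edge profile"
expires_within "$sample" 30 && echo "expires within 30 days: schedule renewal"
```

Running `expires_within` from cron against the files deployed on internal servers gives advance notice before a 90-day certificate lapses.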