Expired Edge SSL Certificate, where to find new cert?

What is the name of the domain?

forteinnovations.work

What is the error message?

edge SSL certificate expired

What is the issue you’re encountering

edge SSL certificate expired

What steps have you taken to resolve the issue?

I’ve tried to look for a new certificate on the SSL section of Cloudflre

What are the steps to reproduce the issue?

While my nginx proxy manager is able to update the edge certificate, the two files that I have (pem and crt) that I use to upload to each and every server locally to enable SSL encryption before, now no longer work because the originally generated ssl edge certificate is now expired. I went to the edge certificate ssl section to see if I can generate and to download a new one but this feature seems to not exist. Why? How do I move forward with a new cert that seem to last only 3 months before it needs to be regenerated? It seems that only my proxy manager is able to automatically generate one but internal devices/servers that have the SSL cannot do it automatically which makes sense because they don’t have access to the internet.

There are no AAAA or A record(s) on neither the naked domain, nor the “www” variant.

Is there any sub-domain(s) where we are able to test and confirm this?

What do you see under “Edge Certificates”?

https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

Based on a couple of things in your explanation, such as e.g. these two specific quotes, it seems like you’re confusing “Edge Certificates” (on Cloudflare), with “Origin Certificates” (on your server, origin, backend, …)?

You have never been able to download any “Edge Certificates”, however, you have been able to download “Origin Certificates” from Cloudflare, to put on your server, or alternatively, to use a publicly trusted certificate on your server.

These “Origin Certificates” from Cloudflare aren’t publicly trusted though, and will require your DNS records to have their Proxy status set to Proxied (:orange:).

1 Like

Hi there,
I may have “deleted” the edge certificates yesterday. But here is what I was able to download before. They are now expired so…no harm. Are these not the edge certificates?

the domain forteinnovations.work is not used publicly…must internally. That’s why you won’t see any AAA or any pointer records.

That is (rather: was) a publicly trusted certificate from Let’s Encrypt, issued as a ECDSA P-384 certificate, issued below Let’s Encrypt’s R3 intermediate.

Cloudflare’s Let’s Encrypt certificates (through Universal SSL) have always been issued as a ECDSA P-256 certificate, issued below Let’s Encrypt’s E1 intermediate.

On May 16, three certificates were issued for your domain:

  1. Let’s Encrypt E1 certificate
    May 16 20:36:53 2024 GMT
    commonName: forteinnovations.work
    Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work

  2. Google Trust Services LLC
    May 16 20:37:07 2024 GMT
    commonName: forteinnovations.work
    Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work

  3. Let’s Encrypt R3 certificate
    May 16 21:57:15 2024 GMT
    commonName: *.forteinnovations.work
    Subject Alternative Name (SAN): *.forteinnovations.work, forteinnovations.work

No.

#1 and #2 above appears to be Edge Certificates” from Cloudflare, however, the one you’re having, is #3.

#3 would seem to have been generated somewhere else, and NOT downloaded through Cloudflare.

It would likely have been from any of the many Let’s Encrypt scripts you’ve been running on your own server, and which had been communicating directly with Let’s Encrypt, although, one or some DNS tokens (e.g. TXT record(s) on _acme-challenge) have been required in order to request that certificate.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.