Flexible SSL Failed to Renew - Seems to be breaking other SSL options


I’m really bummed here. Have like 25 domains on Cloudflare, always recommend them to clients and friends, including using them for my domain registration on all domains but they won’t resolve my issue because I’m “not a paying customer”. You’d think having registered all 25 of my domains with them would consider me a paying customer but I guess not. From all the digging for the past day (hours and hours wasted) it seems only someone on the inside can resolve my issue. I tried everything on every thread I came across and nothing worked.

Anybody on the FREE plan ever get this same problem resolved? I think it might be a bug in their system. I had HSTS enabled on this domain when the Universal SSL certificate expired. Seems something got crossed in their system. Maybe something with HSTS and renewal. Wish they would help me.

For whatever reason I’m now not even able to use the Cloudflare Origin Certificate - just won’t work. They must be tied together in their system somehow. The Universal SSL being expired appears to be breaking this too. On another domain of mine I’m using this without any problems.

Seems my only options are to stop using Cloudflare on this domain, try an SSL cert from an outside vendor (may not work either if my domain is messed up on their back-end), or what I’m trying now is to move this domain to another (with functioning origin cert) but setting it up as an Add-on domain. This is ok workaround since this site isn’t a client’s site but my own.

But yeah, still kind of bummed this broke. Any ideas?

Hello there,

Thanks for posting the issue. The same has been reported by another user in the below thread. However, could be different instance.

You can monitor the updates when the CF team will come up with the resolution.

I ended up paying for advanced certificate manager and creating new cert temporarily to get site back up. This confirms that with the edge certificate being empty or broken (my case since it didn’t auto renew), I’m not able to use origin certificates and maybe not even a cert hosting on my own site (didn’t try that though). After getting my site temporarily back up, I just paid for PRO plan and contacted support to ask them to fix my issue. Once my issues is resolved I will just downgrade back to FREE plan and cancel my advanced certificate manager subscription. Seems this is an issue that definitely needs to be resolved by their technical team.

Universal SSL and Origin Certificates are two different things. Flexible isn’t secure and Full (Strict) is the recommended option. You can use an Origin Cert on your server for this.

As for your issue with Universal SSL renewal, can you share the domain here?

Can you share your ticket number?

1 Like

Correct. Yes, they are different. But what I’m saying is that for whatever reason, the Universal SSL being broken (expired) also prevents Origin Cert from working. Somehow they are connected in the back-end I imagine, even though different things. For example, after I added a new SSL edge certificate by purchasing the add on for $10 a month, suddenly the Origin Certificate worked immediately using Full (Strict) as expected. Something is crossed. Waiting to hear back from support.

So the Edge Certificate is what’s served to visitors. So even though I’m using Origin Certificate on my server which encrypts between server and Cloudflare (and allows me to use Full Strict SSL), an Edge Certificate is still needed for the Cloudflare to visitor connection. That explains why when I bought a new certificate it suddently just started working. In a nutshell, I don’t need an advanced certificate (Universal SSL is fine) to encrypto between Cloudflare and the visitor as $10 a month is an unecessary expense for my small business.

Hello @markob17

Happy to follow up on the source of the Universals issue appearing to not renew if you like, if you can provide an example of the domain(S) in question &/or create a ticket and supply the ref.

Hi. You can close this thread out. Your support staff already resolved my issue by renewing my Universal SSL Edge Certificate. I paid for PRO so that I could open a support request and they were able to fix my issue within a few days. Thank you!

Thanks for confirming.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.