Force SSL to renew - expired SSL

For the past 24 hours+, our site is not recognizing the active Cloudflare SSL certificate.
Background - site was migrated from HubSpot Marketing to WordPress, hosted on WPEngine a few months ago. The old HubSpot certificate apparently expired 11/16/18 0 but we no longer have access to their domain services.
The WPEngine Let’s Encrypt certificate is enabled, the Cloudflare automatic HTTPs with Full settings is enabled.
We are getting a NET::ERR_CERT_DATE_INVALID error referencing Cloudflare.

Any ideas on validating settings, updates, things we can do to force to the current active certificate?

Thanks, Jonti

Do you have access to the Cloudflare SSL/TLS settings for that domain? That page should have a section that lists your Edge Certificates. What’s listed there? I’m interested to see if it lists Dedicated certificates, or Universal certificates.

Thanks for jumping in.
It is a Universal Certificate. I am okay with upgrading, but would like to know if that would be a true resolution before I make that change.

If it’s universal, go to the bottom of that page and click Disable Universal SSL. Wait 10 minutes, then click that button again to Enable Universal SSL. This should re-issue a new certificate.

Thanks, I did that earlier today, but likely didn’t wait long enough, maybe only 1 minute or less. I was a bit timid for that kind of drastic change.
Kind of getting frustrated, so willing to give it a try at this point.

Plan B would be to order a dedicated certificate for $5/month while you wait for Support to straighten out the universal SSL.

Ok, always good to have a Plan B.

FWIW, I disabled Universal SSL. Refreshing the Crypto Page showed a message of Expired certificate next the Universal SSL Status. I waited a lucky 13 minutes, then re-enabled. At the moment, it is still pulling the old expired certificate, and indicating the Issuer is from Cloudflare, but still referencing HubSpot as the Subject.

I think I will be placing an order for the Dedicated Certificate.

1 Like

With Universal SSL disabled, I’d expect that certificate to disappear from the Edge Certificates list. When I use Dedicated Certificates, I disable Universal SSL, and then only one (dedicated) certificate is listed in the Edge Certificates section.

We purchased a Dedicated SSL about 8 hours ago, disabled Universal SSL, but still show an expired certificate with the wrong subject. Interestingly, it now shows the intermediate certificate expired in the browser details, but with an expiration date of 2020. I have no idea if that has any bearing, but still no clear trust, renewals, or release of our expired certificate.

any thoughts from the community?

It looks like nothing has changed. Is the Universal SSL certificate still listed in your Edge Certificates section of the Crypto page?

There’s an outside chance that your domain really isn’t going through your Cloudflare account, but one set up by Hubspot. On your DNS page, what are the two name servers assigned to your domain? They should be Alex and Marge.

This topic was automatically closed after 30 days. New replies are no longer allowed.