How long to wait the Universal Certificate to renew?

What is the name of the domain?

dokter.or.id

What is the issue you’re encountering

the Universal Certificate is not renew after it was expired

What steps have you taken to resolve the issue?

Turn off the proxy status; I replaced the origin cert (from Cloudflare) and applied for the Lets Encrypt certificate from my hoster.
After waiting for more than 24 hours, it seems the universal certificate has not been renewed yet. The backup certificate does not seem to do anything like it is supposed to do as a backup cert, which is why I am turning off the proxy status.
Does anyone know when usually how long it takes the Universal Certificate to renew?
I believe it should be automatic, or is there a way to trigger the Universal Certificate to renew?
Thank you in advance for any suggestions and help.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

Could you share the screenshot of this error coming from the Cloudflare dashboard → SSL/TLS settings → Edge Certificates? :thinking:

DNSSEC is not the issue, Cloudflare nameservers are in place.
However, it seems your domain name is in a renew period.
Did you renew it on time or was late with it? :thinking:

Created On: 2004-04-26 13:23:56
Last Updated On: 2021-10-06 06:51:38
Expiration Date: 2027-10-01 23:59:59
Status: clientTransferProhibited
Status: renewPeriod

As per you’ve stated which steps you’ve already taken, which are even described in the article from below:

There seems to be unproxied A type DNS record for your domain, which might be the reason why the Universal SSL certificate isn’t active/renewed. WWW version seems to be CNAME type.

Kindly, proxy :orange: it and try again.

;; ANSWER SECTION:
dokter.or.id.           0       IN      A       85.xx.xxx.xxx
1 Like

Thank you for your post and suggestion.

The Edge Certificates screenshot

Regarding domain renewal, I made the request on 27 September 2024 to my registrar, but it seems they updated it on 29 September 2024, if I am not mistaken. But I know it was not the problem since I can still access the domain.

I know the domain had an SSL problem long before I made a request for domain renewal, but I did not have time to check the problem. At least, that is what it showed on the Uptime Kuma.

I have two uptime kuma; the main uptime kuma said the problem has been going on since 23 September, but it is too bad the data from the Uptime Kuma was deleted older than 23 September.


It became normal after I turned off the proxy.

The second Uptime Kuma notified that the cert expires on 21 August 2024

Yes, I was forced to make it without a proxy since there was no Universal Cert. The www is pointing to dokter.or.id I think I set it like that to ensure the www will redirect to the plain domain, aka dokter.or.id.

Thank you for your information! Now I know that disabling and enabling the Universal Cert will trigger the cert to renew. I will do it right away, but do I need to disable it and let it for half an hour on disable, and reenable it after that, or can I do that right away?

Thank you for your reply, information and suggestions.

Thank you for sharing feedback information.

Agree, I’d give it one more try.
Disable it. Give it 20mins, then re-enable and again leave for some minutes to see if things will get changed (navigate back and forth).

If it will not re-issue, you can create a ticket here https://dash.cloudflare.com/?to=/:account/support and share the ticket numer here with us so I could escalate your case to the team. Thank you in advance.