How to change Cloudflare certificate from LetsEncrypt?

Some of my customers cannot view my site, because of that two-months-old problem with expired LetsEncrypt trust on old devices. As I cannot force all of my visitors update in batch, I would like to change the CA to something else.

here I found some reply that Cloudflare randomly assigns either LetsEncrypt or DigiCert or whatever, but it doesn’t say how to change one. Same as author of that topic, I see other sites on Cloudflare using non-LE certificates and having no problem on old device, and it is a bit frustrating. Is there a way to force the change to another certificate? Is it possible on free tier?

There is an undocumented API call that will change the CA to DigiCert:

 curl -X PATCH "https://api.cloudflare.com/client/v4/zones/[zone_id]/ssl/universal/settings" \
     -H "Content-Type: application/json" \
     -H "X-Auth-Email: [YOUR-EMAIL-ADDRESS]" \
     -H "X-Auth-Key: [YOUR-GLOBAL-API-KEY]" \
     --data '{"certificate_authority": "digicert"}'
4 Likes

Many thanks, this worked

1 Like

I had this same issue as many of our website users have old devices and it wasn’t practical to ask them all to upgrade.

I opened a support ticket at CF and within a day they had switched us to Digicert from LE. There was only a minute or two of downtime.

J

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.