I have HTTPS cert bought from GoDaddy. When I checked cert info in browser, I saw the cert’s validity not following my HTTPS, but from Cloudflare itself. How come ?
Example, my HTTPS expires on July 07, 2022, but browser shows Mon, 05 Jun 2023 23:59:59 GMT
When you proxy a site through Cloudflare, there is a Cloudflare-provided certificate that is used for the link between the browser and Cloudflare. The certificate you have on your server is used for the link between Cloudflare and your server.
Since Cloudflare provides HTTPS from browser to Cloudflare, if my HTTPS has expired, will Cloudflare still able to connect to my server without HTTPS ?
You should renew that certificate on your origin server to maintain security between Cloudflare and you.
I will renew soon. But I want to know what will happens if cert is expired. From Cloudflare to my server, will error happens ?
The reason I asked is because I am not able to verify whether my patch to renewed HTTPS is correct or not, because when I use openssl s_client to extra what I got is from Cloudflare cert. Any help on how to veirfy my cert is patched correctly ?
Try openssl against the origin server:
openssl s_client -connect 123.123.123.123:443 -servername example.com
If the certificate on your origin server expires and your SSL Mode is set to Full (Strict), Cloudflare will immediately stop proxying traffic to your server, and will display an error page explaining the situation to visitors, until the situation changes. “Always Online” might kick in so visitors might get a static cached copy of your site.
If your SSL Mode is set to just “Full” without the (strict), Cloudflare will continue trusting the expired certificate and will continue passing traffic as normal. Using an expired certificate is a security risk so you want to avoid this if at all possible.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.