If the origin certificate expires

When the origin certificate expires, will there be a connection problem for visitors?

My SSL setting is Full on Cloudflare. Thanks.

If it’s just Full (not Full/Strict), I believe the certificate will still work with Cloudflare, as Cloudflare doesn’t seem to error-check the certificate.

It will work on Full. My origin certificates expired months ago. :slight_smile:

For security, you should use valid, non-expired certificates and Full (strict) mode, though.

An expired cert doesn’t harm the encryption itself. :thinking:

But it does nothing to prevent the connection from being MITMed by anything with any certificate.

Edit: It helps against passive attackers, but not active attackers.
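As an added illustration of the point made in the replies above (not code from the thread or from Cloudflare), the script below connects to an origin twice: once as a verifying client, which rejects an expired, self-signed or mismatched certificate the way Full (strict) would, and once as a non-verifying client, which completes the handshake with any certificate at all, which is what Full accepts. The `days_until_expiry` helper parses the `notAfter` string in the format `ssl.getpeercert()` returns. Host names, ports and the sample date are assumptions.

```python
"""Check an origin certificate the way a verifying and a non-verifying TLS client see it.

Added example, not part of the original thread. Uses only the standard library.
"""
import socket
import ssl
import sys
import time
from typing import Optional

# Constructed sample value in the format ssl.getpeercert()['notAfter'] uses.
SAMPLE_NOT_AFTER = "Jan  1 00:00:00 2030 GMT"


def days_until_expiry(not_after: str, now: Optional[float] = None) -> float:
    """Days until the certificate's notAfter; negative once it has expired."""
    expires = ssl.cert_time_to_seconds(not_after)  # UTC epoch seconds
    if now is None:
        now = time.time()
    return (expires - now) / 86400


def check_origin(host: str, port: int = 443, servername: Optional[str] = None,
                 timeout: float = 5.0) -> dict:
    """Report what a strict (verifying) and a lax (non-verifying) client each get."""
    servername = servername or host
    result = {"strict_ok": False, "full_ok": False, "error": None, "days_left": None}

    # Verifying client: checks the chain, expiry and hostname, like Full (strict).
    strict = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with strict.wrap_socket(sock, server_hostname=servername) as tls:
                cert = tls.getpeercert()
                result["strict_ok"] = True
                result["days_left"] = days_until_expiry(cert["notAfter"])
    except ssl.SSLCertVerificationError as e:
        # e.g. "certificate has expired" or "self-signed certificate"
        result["error"] = e.verify_message
    except (OSError, ssl.SSLError) as e:
        result["error"] = str(e)
        return result  # nothing listening, or not TLS at all: no point trying lax mode

    # Non-verifying client: still encrypts, but accepts any certificate, including
    # an expired one or one presented by an active man-in-the-middle, like Full.
    lax = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with lax.wrap_socket(sock, server_hostname=servername) as tls:
                result["full_ok"] = True
                result["cipher"] = tls.cipher()
    except (OSError, ssl.SSLError) as e:
        result["error"] = result["error"] or str(e)
    return result


if __name__ == "__main__":
    # Usage: python check_origin.py ORIGIN_HOST_OR_IP [SERVERNAME]  (assumed invocation)
    origin = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    name = sys.argv[2] if len(sys.argv) > 2 else None
    for key, value in check_origin(origin, servername=name).items():
        print(f"{key}: {value}")
```

If `strict_ok` is false but `full_ok` is true, the origin is exactly in the state the thread describes: Full keeps working, Full (strict) would start failing, and `error` tells you why.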

I must add that access to my webservers is restricted to Cloudflare, SSH through VPN and a few static IPs and a jump host with 2FA via Duo Security. Maybe that's why I slightly ignore whether the cert is valid or not.

And renewing Let’s Encrypt certificates via Cloudflare protected hosts is a mess.

How so? I have…the acme thingie (it’s early here)…on my servers and it looks like .well-known access is letting me renew my certs.

I got a timeout the last time I tried it. Even after setting an Any - Any - Allow rule. So it's not the firewall. Did I miss something? :thinking:

I used an exposed host to renew the certs in the past but…

My servers block anything that’s not Cloudflare (but 22 is open to my home IP). Certbot runs every week with the webroot flag and that seems to keep it happy.
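As an added check for the webroot renewal setup described in the last two posts (not code from the thread or from certbot), the script below does what the ACME HTTP-01 validation does, before certbot does it for real: it plants a random token file under `<webroot>/.well-known/acme-challenge/` and fetches it over `http://<hostname>/.well-known/acme-challenge/<token>`, which on a proxied hostname arrives at the origin from Cloudflare's edge rather than from Let's Encrypt directly. A timeout here, with the firewall only allowing Cloudflare, points at the origin-side rules or the web server's handling of that path. The webroot location and hostname are assumptions.

```python
"""Self-test for Let's Encrypt HTTP-01 (certbot --webroot) through a proxied hostname.

Added example, not part of the original thread. Standard library only.
"""
import os
import secrets
import sys
import tempfile
import urllib.error
import urllib.request

ACME_DIR = os.path.join(".well-known", "acme-challenge")


def challenge_url(hostname: str, token: str) -> str:
    """Public URL the ACME server fetches; HTTP-01 is validated on port 80."""
    return f"http://{hostname}/.well-known/acme-challenge/{token}"


def make_probe(webroot: str):
    """Write a random probe file laid out the way the webroot plugin writes a challenge."""
    token = secrets.token_urlsafe(32)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, ACME_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)
    return token, path, body


def read_probe(path: str) -> str:
    with open(path, encoding="ascii") as fh:
        return fh.read()


def temp_webroot() -> str:
    """Scratch directory standing in for the real webroot (for local testing)."""
    return tempfile.mkdtemp(prefix="acme-probe-")


def fetch(url: str, timeout: float = 10.0) -> str:
    req = urllib.request.Request(url, headers={"User-Agent": "acme-probe/1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace")


def self_test(hostname: str, webroot: str, timeout: float = 10.0):
    """Plant a probe, fetch it through the public hostname, clean up, report."""
    token, path, body = make_probe(webroot)
    try:
        got = fetch(challenge_url(hostname, token), timeout=timeout)
    except urllib.error.HTTPError as e:
        return False, f"HTTP {e.code}: the probe was not served on the challenge path"
    except (urllib.error.URLError, OSError) as e:
        # A timeout here means the request never made it to the origin's web server.
        return False, f"no answer from {hostname}: {e}"
    finally:
        os.remove(path)
    if got.strip() != body:
        return False, "something else was served (redirect, cached page or challenge page?)"
    return True, "probe served correctly; certbot's webroot validation should succeed"


if __name__ == "__main__":
    # Usage: python acme_probe.py HOSTNAME /var/www/html   (assumed invocation and webroot)
    if len(sys.argv) != 3:
        sys.exit("usage: acme_probe.py HOSTNAME WEBROOT")
    ok, message = self_test(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```

Run it on the origin as a user that can write to the webroot; if it passes but `certbot renew` still times out, the remaining difference is the ACME server's own path to the hostname, not the origin firewall.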

