Is it safe to switch to new custom SSL certificate during business hours

I have bought a new certificate (outside Cloudflare) because the old one is expiring. I have uploaded the new certificate and the new and the old certificates are shown side by side. Both as “active”.
Everything looks right. Hosts, Expiration date, etc.
I assume that next step is to remove the old certificate. But I am hesitating to do this. I would love to be able to toggle back and forth in case something went wrong. I don’t have the old certificate file available.
Is there a risk here? Can I switch back, if it doesn’t work, without reuploading the old certificate and having minutes of downtime? Should these things be done outside business hours?
Will I have a bit of downtime even though the new certificate works as it is supposed to?

1 Like

If you are an Enterprise customer you can use the staging feature to validate. If you aren’t an Ent customer the linked article on staging highlights some of the potential risks… if none of those apply it is a pretty safe opp to update at any point.

1 Like

@nikolaj.kaplan, curious, in your SSL/TLS “Overview” section, what is your SSL/TLS encryption mode set to?

Mine is Full. My take-away with this setting is as long as the Custom cert you have uploaded is valid, it will work.

I have two SSL certs in my “Edge Certificates” section. The one I uploaded, and a “Universal” cert from Cloudflare (I believe they provided one because we’re Enterprise customer(?))

Curious how you go about switching between the two certs showing in Cloudflare in the first place? Both of mine also show active, but the Cloudflare cert is below my Custom cert, which expires in 3 months. Does the selection on the SSL/TLS Overview page determine which SSL cert is used? As it stands, I plan on just getting a new SSL cert, uploading it to our web server and Cloudflare. Apply the new cert on the web server, and delete the expiring cert in Cloudflare and hope the newly uploaded Custom cert takes over.

@cscharff thanks for the staging recommendation. Looking into that now.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.