Internally we’re getting an SSL expired notification for our website. Externally from our network we do not get this. The cert shows different expiration times externally as well, and the cert is set to auto renew via Let’s Encrypt.
Sounds like cPanel or some other workaround for renewing
Since Cloudflare’s Universal SSL also uses LE’s CA, it might be that if your DNS records are proxied and behind Cloudflare, the origin SSL certificate cannot renew as it sees the “hidden” DNS records for Cloudflare’s Universal SSL certificate.
I’d suggest you temporarily pause Cloudflare for your site. Wait a few minutes. Double-check the origin SSL certificate. Renew it. After the website works okay over HTTPS, un-pause and all good.
Usually, when it’s time to renew them, I do it pretty fast with my script and the Cloudflare API for a domain which I enter into an input text field (or textarea if there are multiple domains to renew) via my Worker; however, manually you would have to:
Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
The link is in the lower right corner of that page.
Give it five minutes to take effect, then make sure the site is working as expected with HTTPS without any errors.
Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and manually click to renew it.
Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).
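
To see which certificate each path is serving before and after the renewal, the script below reads the leaf certificate's validity dates once through public DNS (the Cloudflare edge when the record is proxied) and once directly from the origin with the same SNI name. It is an added example, not part of the original posts; the script name, hostname and origin IP arguments are assumptions supplied by the operator, and verification is turned off only so that an expired certificate can still be read.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def fetch_der(hostname, connect_to, port=443, timeout=5):
    """Return the DER leaf certificate served at connect_to for SNI name hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # inspection only, so an expired cert is still readable
    with socket.create_connection((connect_to, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)

def _tlv(buf, pos):
    # Read one DER element at pos: (tag, content_start, content_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(buf, pos):
    tag, start, end = _tlv(buf, pos)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    when = datetime.strptime(buf[start:end].decode("ascii"), fmt)
    return when.replace(tzinfo=timezone.utc), end

def validity(der):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    pos = _tlv(der, 0)[1]    # step into Certificate
    pos = _tlv(der, pos)[1]  # step into tbsCertificate
    if der[pos] == 0xA0:     # optional [0] version field
        pos = _tlv(der, pos)[2]
    for _ in range(3):       # skip serialNumber, signature, issuer
        pos = _tlv(der, pos)[2]
    pos = _tlv(der, pos)[1]  # step into validity
    not_before, pos = _time(der, pos)
    return not_before, _time(der, pos)[0]

def days_left(der, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    return (validity(der)[1] - (now or datetime.now(timezone.utc))).days

if __name__ == "__main__":  # usage: certcheck.py <hostname> <origin-ip>
    host, origin_ip = sys.argv[1:3]
    for label, target in (("public DNS", host), ("origin", origin_ip)):
        der = fetch_der(host, target)
        print(label, target, "notAfter", validity(der)[1].date(), "days left", days_left(der))
```

Different `notAfter` dates on the two lines mean the edge and the origin hold different certificates, which matches the internal versus external difference described in the question.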