Let’sEncrypt Free Open Source SSL certificates

Why is Cloudflare issuing Free Open Source SSL certificates from Let’sEncrypt with short validity periods like 3 months. We have had sni /Cloudflare /com returned from day one until recently.

We do not wish to have this certificate returned, and we do not wish to upgrade to a business plan.

For our customers such these Let’sEncrypt certs do not offer the trust and integrity our customers deserve.

Thank you @sdayman , you are a true legend. Slight modification required. Why are CF Tech Support so reluctant to share this with their customers? Sorry about the extra / in the URL

curl -X PATCH “h/t/t/p/s/:///api /Cloudflare /com/client/v4/zones/[zone_id]/ssl/universal/settings”
-H "X-Auth-Email: [Account Email Address]”
-H “Content-Type: application/json”
–data ‘{“certificate_authority”: “digicert”}’

1 Like

Let’s Encrypt are a very popular CA, they are no less secure and trusted than DigiCert or other CAs.

Shorter expiration dates are better for security not worse. There’s a reason why DigiCert is now deprecated: Digicert update · Cloudflare SSL/TLS docs

I would recommend sticking to LE and researching them instead of assuming. They’re very widely trusted and supported.

The endpoint you used is not supported and it is possible your CA will be reverted back to LE at any time (again, DigiCert is deprecated).


Thank you for your reply. I am not too technical, however until 3rd OCT 2022 CF edge servers had always returned sni /cloudflaressl /com. Our service was moved away from CF by our hosting provider for approx. 24 hrs. (long story). When we changed our Names Servers back to CF we noted CF was returning Let’sEncrypt. Not a huge fan of change without any explanation.

You mentioned –data ‘{“certificate_authority”: “digicert”}’ is depreciated.

What option should we use to have CF edge return sni /Cloudflare /com?

You don’t. What you saw before was a cert issued by DigiCert. As I stated in my comment, they’re deprecated now.

I’d recommend sticking with Let’s Encrypt. There’s no downside and increased security + not using a deprecated CA

You’ll be moved off DigiCert at some point, just let it be now rather than in a month or 6 or whatever.


Thank you Walshy

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.