Lost Key of Origin certificate, Creating a new origin certificate

I never installed the origin certificate on my host because I lost the key.
Now I receive a cURL error 35 on the Health Status on my WP site.

In another post I read that I can simply revoke the current certificate and have a new one issued.
Should I create a new origin certificate and install it on my host BEFORE revoking the old one?

I’m afraid my customers will see an error on my site while the certificate is revoked.
Thank you

If you never used the current certificate it won’t be involved in the connection setup either and your visitors won’t get an error either (of course they might get an error for another reason, but that won’t be Origin certificate related).

Also, the cURL error is SSL related, but as you shouldn’t be directly connecting to your origin in the first place (otherwise you will get an unknown CA error - that might even be that 35 one), you shouldn’t get any such errors in the first place, as you’ll only be hitting the proxy and its certificate.

At this point I would recommend that you:

  • revoke the current certificate
  • have a new one issued
  • keep the private key
  • configure everything on your origin
  • make sure you have Full Strict as encryption mode
  • check if the DNS record in question is proxied as it has to be proxied

If you still get any SSL errors when connecting to the proxy, make sure the proxy certificate is in place and that your minimum SSL version is not too high (should be 1.2 or lower).
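
A pre-install check for the "keep the private key" and "configure everything on your origin" steps above, as an added example that is not part of the original thread. It assumes the `openssl` CLI is available and that the certificate and key are PEM files; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install checks for a newly issued origin certificate.
# Usage: sh check_origin_cert.sh CERT.pem KEY.pem   (file names are placeholders)

# Succeeds only if the certificate's public key equals the one derived from
# the private key. Returns 2 if either file cannot be parsed, so two
# unreadable files are never reported as a match.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the key file grants no permissions to group or others.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks when called with a certificate and a key.
if [ "$#" -eq 2 ]; then
    status=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: key does not match certificate"; status=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; status=1; }
    key_is_private "$2"         || { echo "FAIL: key is accessible to group or others"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: certificate and key are ready to install"
    exit "$status"
fi
```

A mismatch here means the saved key belongs to a different certificate, which is the same dead end as losing the key: issue a new pair and store the key before leaving the issuance page.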

