Need helping changing certificate

I need help figuring out how to change the certificate cloudflare has issued from RSA to ECDSA.

I have several domains that I use with cloudflare, all of them use a ECDSA certificate except the first one I added which is using RSA. And yes, they are cloudflare issued.

@MoreHelp

Hi, one thing you can try, but cause a bit of downtime, would be to disable Universal SSL and re-enable after 10 or so minutes.

Can you share the domain? According to the docs, all Free plans are issued ECC certs only, while paid plans get both ECDSA and RSA. I have never seen RSA only.

3 Likes

Hey there,

The domain is https://xavier.dev/

I can’t find rhyme or reason. My Pro plan is RSA, and a medium-aged free plan is ECDSA. My free plans seem to be 50/50. One Biz is RSA, and the other is ECDSA. Ent plan is RSA.

:man_shrugging:

They all score A+ at Qualys, though.

UPDATE: Maybe I’m not reading the reports right. I have one domain using ACM, which says it issued both, but Qualys looks like it’s only looking at the RSA cert.

Yeah, I’m not reading the reports quite right. One Biz plan has both certs, and one is ECDSA only. Some (but not all) other plans I thought were RSA actually have both. I’m just going to :man_shrugging: again.

The current Cloudflare issued cert for your domain is ECDSA, and that’s what I see in tools like SSLLabs.

https://crt.sh/?Identity=xavier.dev&exclude=expired

Currently, all Let’s Encrypt certs are issued from the RSA root. (You can request certs from the ECC root, but it’s not yet the default.). Cloudflare use LE for some domains, and it’s an option on ACM certs.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.