One of my site using R3 only instead of "Cloudflare Inc ECC CA-3" cert

Hi all,

I am a hobbyist that hosted few of my own sites and still learning bout it, my knowledge on webserver hosting is quite limited.

I am trying to use Cloudflare to secure my sites further and I faced some confusions.

Currently I have 3 sites, 2 (Site A, Site B) of them are using below certs:

C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
C=US, O=Let's Encrypt, CN=R3
C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

while the 3rd (site C) site only using below certs:

C=US, O=Let's Encrypt, CN=R3
C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

All 3 sites are residing on same Apache2 server with exact same setup procedures and setting.

Cloudflare > Kemp VLM > 1xWebserver (Apache2)

Could I check if it is normal for Site C to look different from Site A and Site B?

I replicate same Cloudflare setup to all 3 sites, and all 3 sites are using Full(Strict) and Proxied following NetworkChuck’s youtube tutorial Here .

Would appreciate if anyone can point me some direction.

Thanks in advance!

So it means that Cloudflare randomly assign certs hence it does not matter even if my site C only uses 2 certs (lack of 1 cert from Cloudflare) instead of 3 certs just like my other 2 sites (site A and site B)?

The information of certs was obtained from Google Transparency Report

Certs on Site C

Certs on Site A

I submitted a request with ID 2214458 as well as raised a community ticket.

It’s difficult to understand what the question/problem is.

Yes. Cloudflare use multiple certificate authorities, and unless it’s you are subscribed to ACM, you don’t get to choose which is used.

Is this creating a problem for you or your visitors?

Also, with only one Apache web server, what is the purpose of the VLM in your setup?


Really appreciate for the prompt response, and apologize for making it hard to understand the question/problem is.

There’s actually no problem per se, but the in consistent behavior of Site C compared to Site A and Site B raised my concern. Hence would like to find out if it is a normal behavior or I did something wrong as there’s lack of one Issuer on Site C.

This clear things up, thanks for bring me the clarity.

No, there’s no problem with my visitors.

I do have plex, and game dedicated servers aside from Apache webserver, hence I uses VLM to handle the port by only port forwarding 443 instead of a wide range of ports on router level.

Once again, thanks for the reply!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.