One of my site using R3 only instead of "Cloudflare Inc ECC CA-3" cert

Elkeri · July 25, 2021, 9:43am

Hi all,

I am a hobbyist that hosted few of my own sites and still learning bout it, my knowledge on webserver hosting is quite limited.

I am trying to use Cloudflare to secure my sites further and I faced some confusions.

Currently I have 3 sites, 2 (Site A, Site B) of them are using below certs:

C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
C=US, O=Let's Encrypt, CN=R3
C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

while the 3rd (site C) site only using below certs:

C=US, O=Let's Encrypt, CN=R3
C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3

All 3 sites are residing on same Apache2 server with exact same setup procedures and setting.

Architecture:
Cloudflare > Kemp VLM > 1xWebserver (Apache2)

Could I check if it is normal for Site C to look different from Site A and Site B?

I replicate same Cloudflare setup to all 3 sites, and all 3 sites are using Full(Strict) and Proxied following NetworkChuck’s youtube tutorial Here .

Would appreciate if anyone can point me some direction.

Thanks in advance!

Vily · July 25, 2021, 10:29am

Elkeri · July 25, 2021, 10:34am

So it means that Cloudflare randomly assign certs hence it does not matter even if my site C only uses 2 certs (lack of 1 cert from Cloudflare) instead of 3 certs just like my other 2 sites (site A and site B)?

The information of certs was obtained from Google Transparency Report

Certs on Site C

Certs on Site A

Elkeri · August 7, 2021, 11:50am

I submitted a request with ID 2214458 as well as raised a community ticket.
@MoreHelp

michael · August 7, 2021, 11:57am

It’s difficult to understand what the question/problem is.

Yes. Cloudflare use multiple certificate authorities, and unless it’s you are subscribed to ACM, you don’t get to choose which is used.

Is this creating a problem for you or your visitors?

Also, with only one Apache web server, what is the purpose of the VLM in your setup?

Elkeri · August 8, 2021, 4:33am

Really appreciate for the prompt response, and apologize for making it hard to understand the question/problem is.

There’s actually no problem per se, but the in consistent behavior of Site C compared to Site A and Site B raised my concern. Hence would like to find out if it is a normal behavior or I did something wrong as there’s lack of one Issuer on Site C.

This clear things up, thanks for bring me the clarity.

No, there’s no problem with my visitors.

I do have plex, and game dedicated servers aside from Apache webserver, hence I uses VLM to handle the port by only port forwarding 443 instead of a wide range of ports on router level.

Once again, thanks for the reply!

system · August 11, 2021, 4:33am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.