Origin cert expired, yet HTTPS is working just fine. Why?

I’m using “Full” end-to-end encryption setting in Cloudflare. My site is proxied through Cloudflare. The certificate on my origin server has expired, yet visiting the site via HTTPS is working perfectly.

According to this answer, Err_cert_date_invalid the cert validity doesn’t matter:

If your origin certificate expired, maybe regular “Full” SSL will work since it’s not necessarily checking for a valid SSL certificate.

Why does Cloudflare ignore the expiration date of the certificate on the origin? What information does it need from the certificate then?

They don’t ignore this.

“Full” SSL dies not validate the origin certificate. Sometimes a self-signed certificate fits the needs. Thinking of development, stage or UAT systems. That would not work on strict SSL. Just one example.

On “Full (Strict)” the origin certificate will be validated and you will see an error when it has expired or been revoked for example.

1 Like