Is there a way to force Cloudflare to regenerate/reissue our “Edge Certificate”? Due to the Let’s Encrypt cert expiration, we’re running into some problems that seem to be resolved with a certificate regen. However, we’re unable to force Cloudflare to regen the Edge Cert. Is that possible? We’re on the Pro plan. If I upgrade to “Advanced Certificate Manager” will that give me the option?


I’d hate to have to recommend a paid option, but ACM will generate a brand new certificate. Heck, you can go with DigiCert on ACM if it makes you feel better.

But first I’d try “Disable/Enable Universal SSL” at the bottom of the SSL/TLS → Edge Certificates page. But I’d give a few minutes between the Off/On cycle. And make sure the cert falls off the list at the top of that page. Hopefully that will generate a new certificate.

Thanks for the suggestion! Due to the scary popup warning when clicking disable, I think I will try it later tonight when traffic is reduced. I have Cloudflare paused right now so I’m thinking it would probably be ok, but I’ll wait for traffic to be lower just in case. I’ll update with my results for future searchers. Thanks!

Just FYI, the ACM issued LE certs continue to contain the expired DST root. Using the DigiCert CA is the more reliable route at this stage.
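A quick way to verify the point made in the reply above is to look at the chain the edge is actually serving and see whether it still carries the DST Root CA X3 cross-sign. The script below is an added example written for this thread, not something posted by anyone here or shipped by Cloudflare: it takes a PEM file (such as the output of `openssl s_client -showcerts`) and prints subject, issuer and expiry for each certificate, marks expired ones, and exits non-zero if any certificate in the chain is, or is issued by, DST Root CA X3. The `chain_report` function name and the `DST-root-cross-sign` marker are my own choices; it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a PEM certificate chain and flag
# the expired "DST Root CA X3" cross-sign. To capture a site's served chain:
#   openssl s_client -connect example.com:443 -servername example.com \
#       -showcerts </dev/null 2>/dev/null > chain.pem
# then run:  chain_report chain.pem
# Requires the openssl command-line tool.

# chain_report FILE
#   Prints one entry per certificate in FILE. Returns 0 if no certificate is
#   (or is issued by) DST Root CA X3, 1 otherwise.
chain_report() {
    file=$1
    tmpdir=$(mktemp -d) || return 2

    # Split the PEM bundle into one file per certificate, keeping chain order.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        n > 0 { print > out }
        /-----END CERTIFICATE-----/ { close(out) }
    ' "$file"

    rc=0
    for c in "$tmpdir"/cert*.pem; do
        [ -f "$c" ] || continue
        # "subject=" prefixes differ between OpenSSL 1.0 and 1.1/3.x; strip both.
        subject=$(openssl x509 -in "$c" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$c" -noout -issuer | sed 's/^issuer= *//')
        notafter=$(openssl x509 -in "$c" -noout -enddate | sed 's/^notAfter=//')

        # -checkend 0 fails when the certificate has already expired.
        status=valid
        openssl x509 -in "$c" -noout -checkend 0 >/dev/null || status=EXPIRED

        # Any certificate that is DST Root CA X3, or is signed by it, means the
        # served chain still depends on the expired root.
        case "$subject $issuer" in
            *"DST Root CA X3"*) status="$status, DST-root-cross-sign"; rc=1 ;;
        esac

        printf '%s\n  issuer:   %s\n  notAfter: %s (%s)\n' \
            "$subject" "$issuer" "$notafter" "$status"
    done

    rm -rf "$tmpdir"
    return $rc
}

# Stand-alone use: chain_report <chain.pem>
if [ $# -ge 1 ]; then
    chain_report "$1"
fi
```

A non-zero exit is the signal that the edge is still handing out the legacy chain; after switching to the DigiCert CA, rerun the capture and the function should report only valid certificates with no `DST-root-cross-sign` marker.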


I just tried to disable it for 20 minutes, and as soon as I enabled it again, the old certificate was restored as if nothing had happened.

You will need to open a support ticket and ask that they switch you to the DigiCert certificate authority. Update this thread with the case number when you have one.

Terrible, we have to do that for every website that has the LE cached issue?

Hmm, our plan does not include support ticket help. I did try to disable and re-enable Universal SSL, and while it did not immediately regenerate the certificate, it did eventually (I checked again about a day later). If you suspect that this regenerated LE cert will have the same problem, then I’ll probably just do the $10 Advanced Certificate Manager plan, as that will be cheaper than upgrading our entire plan to get support ticket access.

All plans can open tickets. Tickets that can’t be solved by the community get escalated to a support engineer. They have a process in place to replace Let’s Encrypt certificates that aren’t working. Just email them at support AT cloudflare DOT com, and then post the ticket number here.

Thanks for the support email, sdayman. I resolved it by doing the $10 addon for a DigiCert. That has solved our problem for now. I’ll probably cancel it in a few months once this has all passed and our LE cert has expired / automatically renewed. But next time I’ll be better equipped. Thanks for your help on this issue!

