Renew SSL certificate before renewal using Advanced certificate manager

General
1

What is the name of the domain?

What is the error number?

I wish to update the ssl before automatic renewal, can i do the same if i purchase Advanced Certificate manager

What is the issue you’re encountering

I wish to update the ssl before automatic renewal, can i do the same if i purchase Advanced Certificate manager

What steps have you taken to resolve the issue?

Hi,

I am currently using the free SSL provided by Cloudflare and i need to update the same manually before it renews automatically, so I can have control over the date the same renews.

Can i achieve the same if i purchase the Advanced certificate manager.

Looking forward to your suggestions.

Thank You

2

Are you talking about Origin certificates? These (and server certificates in general) always need to be managed by yourself. The proxy certificates are managed by Cloudflare however.

Can you confirm that your encryption mode on Cloudflare is Full Strict?

3

No, @sandro iam mentioning the “Advanced Certificate Manager” under edge certificates

Screenshot 2024-07-25 143746
Screenshot 2024-07-25 1437461047×535 35.2 KB

4

Yeah, I already referred to that. The proxy certificates are managed by Cloudflare.

5

On my end, iam using the proxy certificates from cloudflare end, and it seems to be getting renewed every 60 days, i wish to manully update the certificate so i have some control on the date it gets renewed.

can this be achieved using the above?

6

As mentioned, the proxy certificate is automatically managed and there is nothing you need to or can do here. But what about the server certificate?

7

For server certificates iam using letsencrypt.

The thing is iam using SSL pinning for my application and i searching for a better solution currently, but meantime i dont want to face any sudden outage when the SSL is renewed and ssl key assicaited with the same changes.

Is there any way i can do the process of updation manully.

8

You can order ACM and that will allow you to customise certain certificate details, but renewal is still up to Cloudflare. If you want to have full control, you’d need to unproxy.

9

Okay, if i Disable Universal SSL and use the SSL from the server end,

  1. what is the impact and how is going to affect the proxy feature
  2. will it affect the security and waf rules added
10

Another option would be to upgrade to a Business plan and provide your own certificate.

You must not disable Universal SSL until you have ordered ACM, as you’ll otherwise have no certificate.

With ACM you can specify the validity period, but not force a re-issuance.

As mentioned, there shouldn’t be an issue with the proxy certificates. If you really need to control that, you can only unproxy or purchase the Business plan.

1 Like
13

can you mention more details on validity period,

as i noticed there is option to decrease the validity period, but is there an option to increase the same
like 6 months or 1 year and if so are these addon paid services?

14

Advanced certificates · Cloudflare SSL/TLS docs should have all the details on ACM.

2 Likes
15

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.