Renew SSL on origin web server

My hosting partner called me that they want to renew the SSL certificate of my website, but can not do it because the DNS is now held by Cloudflare. Which steps should I take?

To answer the question specific to your hosting provider around DNS, I would need more details around their renewal process, such as required DNS records, and type of certificate. Really if they are asking you to do this, they need you with their requirements.

It’s possible here that you don’t even need their certificate since Cloudflare is managing the customer facing SSL. If this is the case you can use a Cloudflare origin certificate in your webserver:

Origin CA · Cloudflare SSL docs

This certificate is only trusted by Cloudflare, so if you browsed directly to your site, bypassing Cloudflare, you’d get an SSL browser error. If you browsed through to the orange-clouded hostname then no SSL trust error would appear.

I will contact them tomorow. How can I check if all traffic is not bypassing Cloudflare?

Any grey-clouded records that point to the origin or accessing your site via IP would bypass Cloudflare.

If you are using Cloudflare orange-records, our recommendation is to block any access to the site of IPs not in the list of Cloudflare IP range/CIDRs, link below:

If your site is using Cloudflare, the user sending the request would be to one of those IPs, and the origin server would receive the requests from these IPs.

Ok, you are talking about proxy or DNS only. I am using GTranslate for several languages. They recommend to use DNS only for the pages they provide.

This means that only the source pages are going thru the orange cloud…

This topic was automatically closed after 30 days. New replies are no longer allowed.