Replacing the stored Cloudflare edge cert with Origin Server cert

I installed an origin server cert on my web host. Cloudflare is still using a Let’s Encrypt cert that I had removed prior to installing the Origin Server cert.

How can I get it to load the Cloudflare cert and not the Let’s Encrypt cert?

The Let’s Encrypt cert that is stored expires in 2023 and the origin cert expires in 2037?

Welcome to the community!

Edge certificates and Origin Server certificates are different things:

  • Edge certificates are used to encrypt the connection between the end-user and Cloudflare. They are (obviously) publicly trusted. In your case, it’s the Let’s Encrypt cert.
  • Origin Server certificates are self-signed certificates by Cloudflare to encrypt the connection between Cloudflare and your server. These are not publicly trusted for anyone but Cloudflare. You could also use any publicly trusted SSL certificate in your server, and it will also work for encrypting the Cloudflare → Server connection. However, Cloudflare will not show this certificate to users (it’ll show the Edge certificate instead).

Hope it helps!

Thank you. This does help.

I am having an issue where an LG digital signage display is not accepting the Let’s Encrypt cert. It says that it is a date/time issue, but I’ve adjusted everything I can and it’s not working.

Another site that I host is set up the same way, with a Let’s Encrypt cert on the server, but the edge cert on Cloudflare says it was issued by Cloudflare Inc ECC CA-3, Cloudflare, Inc.

I am trying to have the site with issues load a Cloudflare cert and not Let’s Encrypt, but I can’t figure out how to make that happen.

At this point, the only cert on the server is the one Cloudflare generated and I copied over the cert and key codes. I removed the Let’s Encrypt cert.

Are you using either the custom hostnames feature, or CF Pages? It’s because they use SSL for SaaS, which has higher priority over Edge certificates. Can you confirm this? Thanks.

No. I am not using hostnames or CF pages. Thanks

I’m not sure how that’s possible. Let’s Encrypt certs are good for only 90 days:

However, you can switch certificate authorities with an API call:

I wish I could try this. The issue is with an LG digital display. The kind you see in restaurants and businesses. It has a built-in browser, so I’m really limited in the settings or access to it.

The URL to this page is breathediversitypilates[dot]com/display

gwenmillerstudio[dot]com is the site that has a Cloudflare cert in CF, but Let’s Encrypt on the server. I’m trying to match this site’s cert usage.

Is it possible there is an update for the TV? The Let’s Encrypt cert expired in 2021 and might be what you see.


Where do you see a Let’s Encrypt cert that expired in 2021? I’m not seeing it.

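To see which certificate a visitor is actually served (the edge certificate, as explained in the thread) and whether its validity window covers a given clock value, the issuer and dates can be read straight from the TLS handshake. This is an added example, not code from any poster; the sample certificates are constructed (issuer names are real, dates are made up) and the function names are illustrative.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns (dates are made up).
SAMPLE_LE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "notBefore": "Oct  1 00:00:00 2022 GMT",
    "notAfter": "Dec 30 00:00:00 2022 GMT",
}
SAMPLE_CF = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Cloudflare, Inc."),),
               (("commonName", "Cloudflare Inc ECC CA-3"),)),
    "notBefore": "Jun  1 00:00:00 2022 GMT",
    "notAfter": "Jun  1 00:00:00 2023 GMT",
}

def fetch_edge_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate a normal client is served for host.
    Behind Cloudflare this is the edge certificate, never the origin one."""
    ctx = ssl.create_default_context()  # public trust store, hostname checked
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _utc(cert_time):
    # Convert the certificate's "Mon DD HH:MM:SS YYYY GMT" string to an aware datetime
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def summarize(cert, clock=None):
    """Issuer and validity window, checked against clock (default: now, UTC)."""
    clock = clock or datetime.now(timezone.utc)
    # issuer is a tuple of RDNs, each a tuple of (field, value) pairs
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    return {
        "issuer_org": issuer.get("organizationName"),
        "issuer_cn": issuer.get("commonName"),
        "not_before": not_before,
        "not_after": not_after,
        "valid_at_clock": not_before <= clock <= not_after,
    }

if __name__ == "__main__":
    # With a hostname argument this connects out; without one it uses the constructed sample
    cert = fetch_edge_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LE
    for field, value in summarize(cert).items():
        print(f"{field}: {value}")
```

Passing a `clock` value that matches what a device believes the time to be shows whether a "date/time" error is explained by the certificate's validity window.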