Revoked SSL certificate due to older cert overriding

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?

Please share your search results url:

When you tested your domain using the, what were the results?
The diagnostic center is not available at this URL

Describe the issue you are having: has been offline for over a week now with a NET::ERR_CERT_REVOKED error. The website is published with a vendor,, who is providing an SSL certificate for the website with CF.

From all the investigation so far, we have learned that an older revoked CF certificate is overriding the new CF certificate that the team is providing. We want help with clearing this older revoked certificate for the new CF certificate to be applied.

What error message or number are you receiving?

What steps have you taken to resolve the issue?

  1. Our SRE team investigated the issue to find that since the website is hosted with a vendor,, the vendor must provide a valid SSL certificate.
  2. The support team investigated the issue to find that an older revoked CF certificate is overriding the new CF certificate that the team is providing.
  3. The CF community forum does have a post specific to this problem.

Was the site working with SSL prior to adding it to Cloudflare?

What are the steps to reproduce the error:

  1. Navigate to to view the error.

Have you tried from another browser and/or incognito mode?
Yes. Errors in all browsers and in incognito mode.

Please attach a screenshot of the error:

So this isn’t a Cloudflare problem per-say.

If you click on the “Not Secure” in the top left and click View Certificate you’ll see that it’s actually an expired GoDaddy cerificate that’s being served. I’m guessing that if were to go into the DNS panel on the Cloudflare dashboard they’d find that the DNS record for is Unproxied (:grey:).

If you contact the team and ask them to ensure the domain is Proxied (:orange:) and the origin has a valid Origin Certificate or other valid certificate then things should start working.

Finally, the SSL mode on the zone ( looks like it’s set to Off, which means that Cloudflare won’t automatically provision SSL certificates for the domain. I’d recommend you turn this on.

Note that if they use an Origin Certificate, your DNS record MUST be proxied otherwise you’ll get an error similar to this.

Thanks for these insights. This will be helpful in our follow-up with

When I click view certificate, I see that the GoDaddy certificate is valid (screenshot attached).

The validity dates don’t change when a certificate is revoked (the certificate is essentially immutable). But the Browser is showing the certificate is not trusted. This is probably following an OCSP check. The cert was revoked.

1 Like

Got it thanks. I now understand the difference. Following up at our end with this information.

More observations and questions. In the GoDaddy certificate, all the websites listed as alternate names are available as I write this. There is a secure connection to all of the listed websites without any ERR_CERT_REVOKED errors. Specifically, has a revoked certificate.

I learned from that an older Cloudflare certificate may have had listed and when set up a certificate for the website, it is likely being overwritten by the older certificate. Can Cloudflare assist with clearing this older certificate?

1 Like

This issue is now resolved and can be closed

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.