Shared Universal SSL certificate is showing as expired (but only on one site)

I’m using Cloudflare for free, so I get that there may not be a solution here. But, I have a bunch of sites using the universal ssl cert and they are working fine. But one https://recodeyourmind.com is showing as expired. See attached image:

recode-security-cert2880×1754 290 KB

Not sure what to do about this. Not sure why that cert isn’t expiring for all my sites. It’s listed as “SHA 2 ECDSA” on all of them and the expiration says “Managed by Cloudflare.”

This is making recodeyourmind.com totally inaccessible (for days now). Please help me figure this out.

Yep, there’s a bit of that going around. Open a ticket: login to Cloudflare and then contact Cloudflare Support.
They’ll renew it.

Thanks. I’ll do that.

Your domain seems to have 5x Cloudflare IPv4 + 5x CF IPv6 addresses running it which seems unusual as normally only see 2x CF IPv4 + 2x CF IPv6 SSL Server Test: recodeyourmind.com (Powered by Qualys SSL Labs)

dig A +short recodeyourmind.com      
104.16.16.194
104.16.12.194
104.16.15.194
104.16.13.194
104.16.14.194

dig AAAA +short recodeyourmind.com
2400:cb00:2048:1::6810:dc2
2400:cb00:2048:1::6810:fc2
2400:cb00:2048:1::6810:cc2
2400:cb00:2048:1::6810:10c2
2400:cb00:2048:1::6810:ec2

Definitely want to contact Cloudflare support

OK, I’m hosting using Clickfunnels and following their directions to set up the Cloudflare settings. I’ve got a ticket in and we’ll see what Cloudflare has to say. Thanks!

It’s Clickfunnels, so I think they have a special arrangement with Cloudflare to have five IP addresses instead of the usual two.

EDIT: this is the CNAME that points to target.clickfunnels.com

Yep, that’s the CNAME - target.clickfunnels.com. What’s weird is I have other sites set up the same way through Cloudflare that are working just fine: fundamentalshift.com, identityshifting.com, and others. But those don’t show the SSL cert as expired.

It looks like your expired one is a dedicated cert that expired a week ago. Other domains won’t be affected, as they have their own dedicated certificates.

OK, thanks. Got an automated reply saying that they are having trouble supporting all the requests from free people like me and to come here for support. Any other ideas on something to do?

Go to your SSL/TLS app, then head down to Edge Certificates and click View for your certificate.

Then DELETE CERTIFICATE. And generate another one. You’re already on a monthly certificate subscription, so it won’t charge you again.

Looks like I don’t have the option to delete the cert:

recode edge cert.png2848×1182 236 KB

recode edge cert 2.png2658×1320 223 KB

Huh, it’s Universal. It looks like a dedicated cert to me. Maybe that’s part of the problem.

In that case, go all the way to the bottom of that screen and click “Disable Universal SSL.” Then wait 10 minutes, and click that button again to Enable Universal SSL.

You’ll get a scary warning about disabling it…but it’s broken anyhow.

Do you know if you ever paid for a dedicated certificate? What’s showing right now is a dedicated certificate. There are no other domains listed in that cert.

No, I’ve never paid for a certificate. I am using their free certificate.

If I disable it, will I really have the option to turn it back on? It warns that disabling will “prevent any future Universal SSL certificates from being ordered.”

It is a Dedicated certificate, whether you ordered it on 2017-10-13 or it got enabled some other way.

• crt.sh | 230152441
• crt.sh | 230152745
• crt.sh | 230157774

There are also scores of valid Universal certificates (and scores of expired ones).

This might be something support has to resolve.

OK, thanks.

1. It can’t get any worse.
2. The Off/On routine hasn’t broken anything for me or others using this technique to unjam a certificate order.
3. That warning is probably because if you do disable it, then…yeah, you can’t order one…until you re-enable it.

This topic was automatically closed after 30 days. New replies are no longer allowed.