Today some of our users are getting an error about an outdated SSL certificate on the domain. I investigated and found that one (maybe more) of the CF servers really has an outdated certificate, while the others have a fresh one. Right now I have disabled CF support for that domain due to that error.
What steps have you taken to resolve the issue?
Checked the CF dashboards, all seems good. They display correct and fresh certs.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
Problem server:
curl --resolve dikidi.net:443:176.9.73.143 https://dikidi.net
Normal server:
curl --resolve dikidi.net:443:188.114.96.1 https://dikidi.net
That’s not a Cloudflare IP address, it’s probably your Hetzner origin and is where your certificate expired yesterday.
This also probably means your origin SSL certificate has expired and you are using the insecure “Flexible” SSL/TLS mode on Cloudflare otherwise this would give a 526 error. Make sure your origin certificate is renewed and valid, then use “Full (strict)” SSL/TLS mode on Cloudflare.
Cloudflare is now ignoring the content of your invalid origin SSL certificate which is insecure. Ensure to renew your origin SSL certificate and switch back to “Full (strict)”.
My server hosting company said that they changed the hardware of the DB, but nothing else changed except the SSH host key fingerprint. Why the fingerprint changed as well, not sure yet, still digging.
The hosting service provider said that they haven’t changed anything and the fingerprint changed because they replaced some hardware. So I am left in the dark, so that I can’t change it back to “Full strict”, I tried it and it instantly threw the error. Maybe I can force something to be flushed on the Cloudflare side or I don’t know.
Set your DNS record to “DNS only”, or pause Cloudflare, then requests will go direct to your origin and you will be able to see the problem without the Cloudflare error page. You can then get it fixed and once working re-enable Cloudflare.
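
The check discussed in this thread (is the address a Cloudflare edge or the origin, and does the certificate served there still verify), as an added example that is not part of the original posts. The range list is a snapshot assumed current (the authoritative list is https://www.cloudflare.com/ips-v4), and `is_cloudflare`, `probe` and `report` are hypothetical helper names.

```python
import ipaddress
import socket
import ssl

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale;
# the authoritative list is https://www.cloudflare.com/ips-v4).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare(ip):
    """True if ip falls inside one of the snapshot Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def probe(host, ip, port=443, timeout=5.0):
    """Verified TLS handshake to `ip` using `host` for SNI and name checks
    (the same pinning as `curl --resolve`). Returns (ok, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, "notAfter=" + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message  # e.g. "certificate has expired"
    except OSError as exc:
        return False, "connection failed: %s" % exc


def report(host, ips, do_probe=True):
    """One line per IP: who answers there, and whether its certificate verifies."""
    lines = []
    for ip in ips:
        role = "Cloudflare edge" if is_cloudflare(ip) else "not Cloudflare (likely origin)"
        if do_probe:
            ok, detail = probe(host, ip)
            status = ("valid, " if ok else "INVALID, ") + detail
        else:
            status = "not probed"
        lines.append("%s  %s  %s" % (ip, role, status))
    return lines


if __name__ == "__main__":
    # The two addresses from the curl commands in the thread.
    print("\n".join(report("dikidi.net", ["176.9.73.143", "188.114.96.1"])))
```

Run against the origin address before switching back to “Full (strict)”: Cloudflare performs the same kind of certificate validation in that mode, so an `INVALID` result here corresponds to the 526 error mentioned above.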