SSL Certificate unexpectedly stopped working

Our SSL certificate unexpectedly stopped working at around 10:57am UTC today (2024-05-14). Before that, it had worked properly for years. The site started throwing an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. The dashboard shows the certificate is pending domain validation via TXT records. Any ideas how this could happen? Why did it require validation if the certificate was valid before?

What is the domain?

leica-geosystems.com

We issued new certificates to fix the issue quickly; however, the original certificate for “leica-geosystems.com, *.leica-geosystems.com” is still pending validation.

Your domain is not using Cloudflare…
https://cf.sjr.org.uk/tools/check?92cc91c970c948e6aaad0b20f125bed5#dns

A sub-domain that does use Cloudflare is https://shop.leica-geosystems.com/.


A certificate for shop.leica-geosystems.com is in place and the site is working. I would have thought you wouldn’t get a certificate for the domain and its wildcard on a partial setup. It’s not something I’ve done myself, so someone else may know more.

Right, we added the certificate for shop.leica-geosystems.com yesterday after the site became inaccessible. The certificate the site worked with previously was one for *.leica-geosystems.com, leica-geosystems.com; however, it unexpectedly stopped working and required validation. As a result, the site was inaccessible for most of the day, which was a critical issue. Therefore we must figure out why it happened to avoid such issues in future.

Hey there,

I took a look at the certificate you mentioned, and this certificate got deleted because it was using DigiCert as the CA, which is now deprecated. When Cloudflare tried to renew this certificate, a new certificate had to be issued to change the CA. You can find more information on this change in our developer docs here: