The Let’s Encrypt certificate has expired, causing end users to encounter issues when accessing the website, even though the Cloudflare SSL certificate appears valid. Could you advise on what might be missing during the certificate renewal process? Thank you.
What steps have you taken to resolve the issue?
Checked the Cloudflare Let's Encrypt SSL, which is valid until November 2024.
Those are not the SANs that you would usually find in a Cloudflare Universal Certificate. I suspect you are looking directly at the Origin using split horizon DNS, or a local hosts file. If that’s the case, talk to your local network administrator.
I’ve been investigating the recent certificate issues some users are experiencing with sixspartners.com. Interestingly, it seems to be affecting only users within the local network (LAN). Everyone outside the LAN seems to be receiving the correct certificate.
Here’s what I found:
Local DNS forward lookup zone for sixspartners.com appears to be pointing directly to the website’s IP address. This bypasses Cloudflare’s proxy, which is likely causing the certificate mismatch.
The Question:
To ensure LAN users connect through Cloudflare and receive the proper certificate, what IP address should the “A” record for sixspartners.com point to within the local DNS forward lookup zone?
For split horizon you normally CNAME to <hostname>.cdn.cloudflare.net
As most DNS servers do not support a CNAME at the root, you can look up whatever addresses are currently returned for sixspartners.com.cdn.cloudflare.net, and create internal records for those IP addresses.
You should set up some monitoring if those addresses change. Changes are infrequent. You generally won’t have an issue if they do change, but it is better to keep them in sync.
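A sketch of the monitoring suggested above, as an added example that is not part of the original thread: run from inside the LAN, it compares what the internal zone answers for the hostname with what `<hostname>.cdn.cloudflare.net` currently resolves to. It assumes the internal resolver forwards `cdn.cloudflare.net` lookups to public DNS; the function names and status labels are invented for this example.

```python
import socket
import sys


def resolve_a(name, lookup=socket.getaddrinfo):
    """IPv4 addresses the system resolver returns for name, as a set."""
    try:
        infos = lookup(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def compare(internal, edge):
    """Classify the internal A records against the current edge answers."""
    internal, edge = set(internal), set(edge)
    if not edge:
        status = "EDGE_LOOKUP_FAILED"
    elif internal == edge:
        status = "IN_SYNC"
    elif internal & edge:
        status = "DRIFT"        # some internal records are stale or missing
    else:
        status = "NO_OVERLAP"   # e.g. the zone still points at the origin
    return {"status": status,
            "stale": sorted(internal - edge),     # in the zone, not at the edge
            "missing": sorted(edge - internal)}   # at the edge, not in the zone


def check(hostname, lookup=socket.getaddrinfo):
    """Resolve both names through the local resolver and compare them."""
    internal = resolve_a(hostname, lookup)
    edge = resolve_a(f"{hostname}.cdn.cloudflare.net", lookup)
    return compare(internal, edge)


if __name__ == "__main__":
    # Usage: python check_split_horizon.py <hostname>   (from inside the LAN)
    result = check(sys.argv[1])
    print(result)
    sys.exit(0 if result["status"] == "IN_SYNC" else 1)
```

The non-zero exit code on anything other than `IN_SYNC` lets a scheduler or monitoring agent alert on the result; a `NO_OVERLAP` result matches the situation in this thread, where the internal zone pointed straight at the origin.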