SSL Not renewing


#1

Hi all, I have recently found out that my SSL cert from our website www.pineapple.my is expired and my hosting provider is refusing to provide any assistance. How do I renew my SSL cert for this website? Please help. Thank you


#2

Your certificate has been expired for a year. The DNS setup is okay, but you don't tunnel through Cloudflare, so you should switch your settings from :grey: to :orange:. That would fix your immediate TLS issue, given your TLS settings are not “Full (strict)”.

Of course a valid TLS setup on the origin server would be desirable too, but here you would need to follow the official instructions to renew your Let's Encrypt certificate.


#3

Thanks for the quick reply. May I know where I can go to switch the settings as suggested?


#4

In the control panel under the DNS settings for your domain. :orange: indicates requests get tunneled through Cloudflare instead of going directly.


#5

You could, if your hosting provider allows, install a Cloudflare Origin Certificate (valid for up to 15 years) to encrypt Cloudflare <-> Origin.


#6

I switched all the settings to :orange: but it doesn’t seem to be working. Does it take time to propagate? What am I missing here?


#7

Sure, it is a DNS change.


#8

Excellent point!


#9

Hi Matt, is this free or paid? Currently this SSL for our website is free.


#10

Now the website seems to be working well, could you kindly have a look at www.pineapple.my website to see if there are any problems? Thanks again!


#11

It does load fine now, but you should still check if the connection between Cloudflare and your server is encrypted.


#12

Completely free, go in your crypto settings and follow the instructions.


#13

Sorry, how do I check this?


#14

What does it say under the crypto section?


#15

The top section says “Full”


#16


#17

So the connection between Cloudflare and origin is still encrypted, however there is protection against attacks as Cloudflare will trust invalid certificates too (like in your case).

If you want to address that too, you should switch to “Full (strict)” but make sure you have a valid certificate beforehand. Either renew your currently expired one or have one issued by Cloudflare, as @matteo suggested.
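Added example, not part of the thread: a pre-flight check to run on the origin certificate before switching to “Full (strict)”, confirming it is unexpired and covers the hostname. It assumes OpenSSL 1.1.1 or later; the function names, the hostname `origin.example.test` and the generated certificate are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for an origin certificate before enabling "Full (strict)".
# Checks expiry and hostname coverage only; it does NOT verify that the chain
# leads to a publicly trusted CA or the Cloudflare Origin CA.
# usage: strict_ready CERT_PEM HOSTNAME [MIN_SECONDS_LEFT]
strict_ready() {
    cert=$1; host=$2; min_left=${3:-0}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"; return 2
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1; then
        echo "expired-or-expiring"; return 1
    fi
    # -checkhost prints "does match" or "does NOT match" for the given name
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does match'; then
        echo "hostname-mismatch"; return 1
    fi
    echo "ok"
}

# Constructed sample input: a throwaway self-signed certificate valid for one
# day, standing in for the certificate file installed on the origin server.
make_constructed_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=origin.example.test" \
        -addext "subjectAltName=DNS:origin.example.test" >/dev/null 2>&1
}

# Demo run against the constructed certificate.
demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir"
echo "valid now:        $(strict_ready "$demo_dir/cert.pem" origin.example.test)"
echo "30 days headroom: $(strict_ready "$demo_dir/cert.pem" origin.example.test 2592000)"
echo "wrong hostname:   $(strict_ready "$demo_dir/cert.pem" other.example.test)"
rm -rf "$demo_dir"
```

On a real server, point `strict_ready` at the certificate file the web server is configured to serve and pass the site's hostname.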


#18

Thanks for the explanation. If that is the case, I still need to renew my expired certificate and make it valid. I would also follow @matteo's suggestion too if that is easier. Which way would be easier?


#19

I have tried loading the website on other iPhone & iPad devices but there were SSL errors found and the website couldn’t load. Any idea what went wrong?


#20

I can replicate this error on my iPad. I get an NSURLErrorDomain message.

What are your TLS settings on the Crypto page?

Minimum TLS version?
TLS 1.3 setting? Disabled, Enabled, Enabled/0RTT?