SSL universal certificate expired in 2021 and not renewing


My SSL universal certificate expired in 2021 without renewal. I tried to “disable/enable universal SSL”, delete and add the domain again but I don’t see any result.

In the Edge Certificate section, I see “Expired (error)”,

Thank you in advance.

1 Like

Any chance you could share the actual domain name this issue is related to?

Nothing seems blatantly wrong from here though.

You have enabled DNSSEC in Cloudflare, but not (yet) added the DS record to the parent registry of you domain name.

Since the DS record doesn’t exist at the parent registry, validators will actually ignore any signatures (as if DNSSEC wasn’t enabled at all).

How long did you wait with the disable/enable Universal SSL trick that you tried? My advice for that trick would be like:

  1. Disable Universal SSL
  2. Wait 15-30 minutes
  3. Enable Universal SSL
  4. Wait from a few to 24 hours (and hope that a new certificate will be generated then).
  5. Return, if not successful

Thanks for the suggestions.

I disabled SSL universal certificate about a year ago due to the same problem. Today after a long break I enabled it back without any change “still Expired (error)”.

After your message, I turned off dnssec and tried to toggle “disable universal certification” again (1h break between). I keep seeing the information “Expired (error)”, I was expecting something like “pending validation” or “generating”. I can wait until tomorrow but this status seems to be stuck.

Is there no way to generate the certificate manually like here?

Hi @Primates997!

I’ve applied a fix to your account. Can you check now?


Great, everything is working now. Thank you :slight_smile:


I was actually also starting to think that something like that would be required

Occasionally, you just see people that aren’t geared with that much patience (if any at all), expecting things to be completely instantaneously. But about a year ago? That is clearly some kind of patience. :wink:

Happy to hear that the issue is resolved now!

@erisa-cf Due to simon’s words in the referenced thread, I am quite sceptical, but is there actually anything that the customer can do on their own, in situations like these?

Unfortunately, the certificate issuance does get stuck occasionally, usually requiring a change of Certificate Authority to resolve this. This generally has to be done by Support.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.