The SSL certificate seems to be cached by cloudflare

After updating SSL certificate to IIS, I can see the new certificate if I open localhost directly.
However, browser still shows the old one if I open the site using domain name.
How to fix it?

Without Cloudflare, or with Unproxied (:grey:) / DNS-only records: Visitor ↔ Web server
With Proxied (:orange:) records: Visitor ↔ Cloudflare ↔ Web server

So, by having Proxied (:orange:) records, you also have two different connections to secure. Cloudflare will take care of the first (Visitor ↔ Cloudflare) with the Edge Certificate from Universal SSL, and your IIS certificate will take care of the latter (Cloudflare ↔ Web server)

If you want the browser to see your own certificate, you have two options:

  1. Set the Proxy status to Unproxied (:grey:) / DNS-only.

  2. Upgrade to Business plan (or above), and upload your own certificate to Cloudflare.

1 Like

The Proxy status for my domain is DNS only and I have not changed.
Either old or new SSL certificate are expected to be served directly by origin host (IIS server)
now the old one worked but the new one doesn’t appear, instead it still sticks to the old one
what else reason could cause this?

I found it’s fixed, thanks

May we ask about what the final solution was?

As you mentioned the record was already Unproxied (:grey:) / DNS-only, it sounds like it would have been something with your IIS configuration?

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.