Universal SSL Cert expired

Hi, I’m having problems with the Cloudflare Universal Cert on the origin server.

I generated new certificates in Cloudflare and installed them.
Urgently need some help here. Thanks in advance!!!

Here is the error message:

“One of the root or intermediate certificates has expired (648 days ago).”
Organization: CloudFlare, Inc. Org. Unit: CloudFlare Origin SSL Certificate Authority
Location: San Francisco, California, US
Valid from November 13, 2014 to November 13, 2019
Serial Number: 1146955871616924775 (0xfeace49d4c67c67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CloudFlare, Inc.

I have generated new Origin Keys today. There seems to be a problem with the root certificate. My CPanel does not give the option of installing a separate root cert.

That sounds just like this:

Hi sdayman,
Thanks for your reply.
Will check if there is a solution mentioned.
Indeed, seems to be the same

Well, just going around in circles here.

I have already done pretty much everything recommended here.
Checked DNS - all proxied.
Downloaded the CloudFlare Origin RSA pem cert. I have no idea where and how to install this. When I install it via CPanel SSL, it goes but shows a s self signed and doesn’t change anything. I am on a hosted virtual account, so don’t have full control over the server.
The problem seems to be in the second cert in the Origin Cert package. That certificate has an expire date in 2019.
Do you have any further ideas?

I suggest you test the certificates you have installed by pasting them into this:

https://www.sslshopper.com/certificate-decoder.html

If you’ve confirmed they’re all up to date, you’ll have to track this down with your host why you’re getting that error.

Thanks for your help!
I have tested the certs again, using sslshopper and SSL Checker.
The problem is with the second part of the origin certificate #2 after installation. It expired in 2019. That is clearly the reason why the hosting server is rejecting it. I attach screenshots.
I don’t know enough about SSL to work out where else to look.
I have already completely uninstalled the CloudFlare Certs, disabled SSL in Cloudflare for an extended time, re-generated a new origin cert and uploaded. The result is always the same.
Is the Cert# 2 part of the Origin Cert installation? Or does that already exist somewhere on the server?


Expired CloudFlare Cert

Here is another screenshot using SSL Checker.
It clearly points at the CloudFlare Cert as expired on 14th Nov 2019.

And it clearly points to your server at NameCheap. As I said, if there are certificate problems at your host, you’re going to have to work this out with them. Cloudflare right now provides up to date certificates for you to download and add to your server.

Now you’ve lost me. Where does it point to NameCheap as the culprit, when it says CloudFlare root or intermediate certificate has expire 653 days ago.
If you could point me in the right direction where to start sorting this out with the NameCheap, that would help.
Where does the certificate in question originate and where does it live? I downloaded a CloudFlare Root Certificate, but there are no instructions on how to implement on a shared server. Can I assert with certainty that the problem is on their server? And where?
Thanks again for your assistance.

Hey sdayman, It’s sorted. Had a good support person at NameCheap. I didn’t know to upload the root cert as CABUNDLE.
CPanel showing an alert is expected behavior with a CloudFlare cert.
So, Thank you again for your input.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.