Universal SSL Certificate expired status shows active

Both of my sites are unreachable because they say the SSL certificate is expired – since Dec 29!. I’m using Cloudflare’s Universal SSL. It shows as Active in the Crypto panel. I’ve submitted a ticket but as I’m on the free plan it will likely be days to get back to me. I’ve read that I should disable the Universal SSL, wait for 10 minutes and then re-enable but looking through the forum I don’t see any confirmation from anyone that it actually fixed the problem.

What is the domain?

In the SSL/TLS app, are you using Full (Strict)?

Yes - Full (Strict)

Ok, so the Cloudflare cert is valid on that site but the one installed on your server isn’t. This means it isn’t a problem at Cloudflare’s end. You can either change from Full (Strict) to Full, or update/get a new SSL cert for your server. You can generate one to install in the SSL/TLS app of your :logo: dashboard under ‘Origin Certificates’.

I guess I’m confused…I thought the Universal certificate is automatically renewed.

The Cloudflare cert is, but to use Full (Strict), you must also have a valid certificate on your server. It is this that is out of date.

Ok thank you. I will do as you suggest and generate a new one to install on server.

Hi again. I checked the origin certificates on my server and the expiration is 2033. So now I’m really confused.

Did you change something? The site is loading for me over HTTPS.

I temporarily changed it to Full

1 Like

Assuming your server’s IP address ends in 99, it would seem your website does not have a certificate at all anymore.

Your - presumable - server does not return a certificate for your domain (not even an expired one) but only the server’s default one. If that is the case you need to contact your host to configure/renew a certificate. If possible, you can also choose the Origin Certificate route @domjh mentioned and get one from Cloudflare and then install/configure it on your server.

That is odd because when I look at SSL certificate in cpanel, I can see the origin certificate ssl%20certificate|690x111

That screenshot did not load.

But the main question is, does your server’s IP end in 99?

Yes it ends in 99

In that case I’d contact the host and clarify why the certificate - despite being apparently configured - is not applied. Maybe they require a full certificate chain but if that is the case it should actually say so somewhere.

Did it suddenly stop working or did you make any changes?

It suddenly stopped working on both sites. I’ve had the certificates installed since around April.

I am afraid I wouldnt have an answer either in this case. I’d contact the host and clarify why the certificate is apparently not used.

Thanks I’m contacting them now.