Universal SSL certificate is not being applied

I have the SSL settings in Cloudflare for my domain set to flexible, but my traffic is not secured for some reason. I used to be able to view the certificate details and see that the SSL was provided by Cloudflare, but now it only shows my expired certificate. Why isn’t the cloudflare certificate not being applied on traffic delivered through the cloudflare network? I have verified that I do have the domain being proxied through Cloudflare so it should automatically be working, as it always has in the past.

What you you mean when you say my expired certificate? Do you have a certificate on your origin (which seems to conflict with the setting of SSL Mode to Flexible)?

Do you have a Custom certificate uploaded to Cloudflare?

Can you share the domain?

Sorry for the confusion. By “my expired certificate” I’m referring to the third party certificate on the origin server which has as of late, been expired. As you said, this is in conflict with how I understand the “Flexible” SSL mode should work.

I have not uploaded any certificates to Cloudflare, rather I’m using the one found in the SSL settings of the domain on the Edge Certificates tab, which covers the domain and its first level subdomains. It has been my understanding that that certificate is used to encrypt traffic between the user and the Cloudflare server when the domain’s traffic is proxied through Cloudflare’s network .

When I view the certificate details in the browser, rather than seeing information regarding a Cloudflare issued certificate, I instead see info for the third party certificate installed on the origin server. In the past, traffic routed through Cloudflare’s network would automatically be secured through a Cloudflare signed certificate, given enough time for the certificate to be verified and issued accordingly.

Interestingly, there are subdomains of this same domain hosted on other servers, which were and still are automatically secured with a Cloudflare signed certificate. The only difference I see, is that the subdomains which are using the correct certificate are all WordPress sites with the Cloudflare plugin installed, whereas the affected domain was built on Drupal, which has no officially supported Cloudflare `module available. That being said, I don’t see how it would make any difference whatsoever what app the domain is running on.

As far as the name of the domain, I’m unfortunately not able to share it in a public setting like this. Regardless, I hope I’ve at least clarified things enough to give a clearer understanding of what the problem is. Thanks!

That indicates that your hostname is :grey: on the dashboard. Can you double-check that the DNS record is :orange:?

Are you subscribing to Cloudflare Spectrum?

Can you run this command, and confirm whether or not you get Cloudflare IPs? (replace www.example.com with your hostname.)

dig +short a www.example.com aaaa www.example.com

The TLS connection happens at too early in the process for the type of application on your Origin to really matter. You should see the Cloudflare issued certificate if there was no origin at all!

This topic was automatically closed after 30 days. New replies are no longer allowed.