So here is what happened: I bought a hosting (a2) and asked the support to set it up.
a2 set up everything, including certificates, they didn’t ask me to issue a certificate on CF to encrypt the connection between them and CF, somehow they did it themselves.
My web site was up and running for about 3 months and now it’s down.
On CF I have my encryption Full (strict) - has been like that for 2 years, so for my web site to work, there should have been be a CF issued cert installed by the support to encrypt a2-CF connection, right?
Now, this cert is gone and it seems that it was replaced by a cPanel one.
I know I can issue another cert and re-install and it will probably fix the problem but I want to know why and how it could happen, maybe anyone knows? Will it happen again?
Can cPanel replace CF cert by it’s own?
Or maybe the cert installed by a2 had a short exp time and that triggered cPanel to replace it?
How do I prevent this from happening again?
I’d greatly appreciate it if anyone could shed a light on this.
That’s sounds like a Let’s Encrypt certificate expired at the end of it’s 90 day lifespan without successfully requesting a replacement. You should probably confirm with A2 how they set up the previous certificate and report back with that information so we can provide better guidance.
Unfortunately, a2 support are apes, I’ve spent 2 hrs with them today, including lev2 senior support, they have no idea how they set it up or refuse to check their logs, all they tell me is that I’m dead wrong, I need to turn off full encryption, switch to flexible and use their own cert, can provide transcript if you like. Talking to them is not happening.
Is Let’s Encrypt your certificate?
As I said my encryption was set to full 2 yrs ago and never changed, so it must have been a CF compatible one.
My biggest question is how this cert could have been automatically(?) replaced and how can I stop this from happening again?
The Cloudflare certificate that you are thinking of is:
No one here can answer your
Only A2 can tell you that. If you don’t want to endure another engagement with them, you may want just skip ahead to issuing and installing a Cloudflare Origin CA certificate. It shouldn’t remove itself from your cPanel, but that’s not a platform you will find many answers for here.
They did, as I said I have the transcript, but I experienced this issue before with another host as well. I install a cert to their cPanel and a few months later it gets replaced w/o any warning. I believe it must be a cPanel issue and it’s hard to find a host w/o it. It can not be that no one had this problem before.
