Expiring Origin SSL Whilst Using a CDN

While using a CDN like Cloudflare, Servebolt CDN, or Accelerated Domains you need to have some sort of SSL installed on the origin server. The type of SSL used here is in most cases a self-signed certificate. It would also work fine if you were to use a properly signed certificate like one of our Sectigo certificates.

However, there is one important remark here and that’s the expiration date of the origin certificates. By default, we have set it up so that your SSL certificates automatically renew when one expires. But we have also made it simple to stop these renewals in our Control Panel. If you have done so and are running a CDN, you can encounter an SSL error down the road. 

How does a CDN work with SSL certificates?

Shortly told, the actual SSL used when running a CDN is the SSL given out by that particular CDN. For example, with Cloudflare, you will end up using their Universal SSL by default. But for that SSL to verify, it needs some sort of SSL installed on the origin server. The CDN can’t verify or issue their SSL if there isn’t any certificate installed at origin.

How to prevent SSL issues with CDNs

First, you should log into our Control Panel and check your domain(s) which is, or will be on a CDN. Check for which type of SSL you have installed. This can be done by clicking the SSL Settings under each domain. Alternatively, you can also go to the SSL section of your account and check the certificates you own. By clicking the settings button on this page you can see if it is set to automatically renew, or not. 

If you have any Sectigo or other certificates you know won’t automatically renew, the best way to prevent potential future SSL errors is to switch that SSL to self-signed. Self-signed certificates are easily installed under the domain where you find the SSL Settings button. 

Image showing the domain, SSL settings and remove button in our Control Panel

And as always, should you have any additional questions please don’t hesitate to contact our support chat at servebolt.com!