Skip to content

[SSL] More details on cert expiration and renewal #18290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 26, 2024
Merged

[SSL] More details on cert expiration and renewal #18290

merged 6 commits into from
Nov 26, 2024

Conversation

@RebeccaTamachiro
Copy link
Contributor

@RebeccaTamachiro RebeccaTamachiro commented Nov 20, 2024

Summary

PCX-9284: Call out that for CF to handle intermediate or root expiration, customer must upload leaf only
PCX-10127: More clarity around Universal SSL renewal

Documentation checklist

@github-actions github-actions bot added size/xs product:ssl Related to SSL labels Nov 20, 2024
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Nov 20, 2024
edited
Loading

Deploying cloudflare-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: d2da0a3
Status: ✅  Deploy successful!
Preview URL: https://194e312d.cloudflare-docs-7ou.pages.dev
Branch Preview URL: https://rebecca-ssl-review-renewal-i.cloudflare-docs-7ou.pages.dev

View logs

@github-actions
Copy link
Contributor

github-actions bot commented Nov 20, 2024
edited
Loading

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/ssl/edge-certificates/universal-ssl/enable-universal-ssl/ https://rebecca-ssl-review-renewal-i.cloudflare-docs-7ou.pages.dev/ssl/edge-certificates/universal-ssl/enable-universal-ssl/
https://developers.cloudflare.com/ssl/edge-certificates/universal-ssl/ https://rebecca-ssl-review-renewal-i.cloudflare-docs-7ou.pages.dev/ssl/edge-certificates/universal-ssl/
https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/uploading/ https://rebecca-ssl-review-renewal-i.cloudflare-docs-7ou.pages.dev/ssl/edge-certificates/custom-certificates/uploading/

@RebeccaTamachiro RebeccaTamachiro marked this pull request as ready for review November 20, 2024 14:12
@RebeccaTamachiro RebeccaTamachiro requested a review from a team as a code owner November 20, 2024 14:12
@github-actions github-actions bot added size/s and removed size/xs labels Nov 20, 2024
Oxyjun
Oxyjun reviewed Nov 26, 2024
View reviewed changes
src/content/docs/ssl/edge-certificates/custom-certificates/uploading.mdx Outdated
## Upload a custom certificate

:::caution
When using `compatible` or `modern` [bundling](/ssl/edge-certificates/custom-certificates/bundling-methodologies), make sure to upload only the leaf certificate. This will allow Cloudflare to properly handle [intermediate and root certificates expiration](/ssl/edge-certificates/custom-certificates/bundling-methodologies/#intermediate-and-root-certificates).
Copy link
Contributor

@Oxyjun Oxyjun Nov 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
When using `compatible` or `modern` [bundling](/ssl/edge-certificates/custom-certificates/bundling-methodologies), make sure to upload only the leaf certificate. This will allow Cloudflare to properly handle [intermediate and root certificates expiration](/ssl/edge-certificates/custom-certificates/bundling-methodologies/#intermediate-and-root-certificates).
When using `compatible` or `modern` [bundling](/ssl/edge-certificates/custom-certificates/bundling-methodologies), make sure to upload only the leaf certificate. This will allow Cloudflare to properly handle [intermediate and root certificate expiration](/ssl/edge-certificates/custom-certificates/bundling-methodologies/#intermediate-and-root-certificates).

Or, "certificates' expiration"?

Oxyjun
Oxyjun reviewed Nov 26, 2024
View reviewed changes
src/content/partials/ssl/universal-ssl-validity.mdx Outdated
Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.
Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.

For 90-days certificates, the auto renewal period starts 30 days before expiration.
Copy link
Contributor

@Oxyjun Oxyjun Nov 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For 90-days certificates, the auto renewal period starts 30 days before expiration.
For 90-day certificates, the auto renewal period starts 30 days before expiration.

@RebeccaTamachiro RebeccaTamachiro enabled auto-merge (squash) November 26, 2024 17:10
@RebeccaTamachiro RebeccaTamachiro merged commit 85b003a into production Nov 26, 2024
12 checks passed
@RebeccaTamachiro RebeccaTamachiro deleted the rebecca/ssl-review-renewal-info branch November 26, 2024 17:20
harshil1712 pushed a commit that referenced this pull request Dec 3, 2024
@RebeccaTamachiro @harshil1712
[SSL] More details on cert expiration and renewal (#18290)
05071b5 
* Add note about leaf cert and Cf handling of chain expiration

* Link to cert-validity-periods from USSL glossary definition

* Fix typo and spell out auto renewal 30 days before expiration

* Add link from index and enable-universal-ssl for discoverability

* Add mention to DCV in relation to renewal as well

* Process PCX review suggestions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Oxyjun Oxyjun Oxyjun approved these changes

Assignees

No one assigned

Labels

product:ssl Related to SSL size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RebeccaTamachiro @Oxyjun