Change Universal SSL Certificate Authority
Is there a way to change the universal SSL certificate authority? For one of my zones Google Trust services is the primary with Let's Encrypt as the backup. For all other zones Let's Encrypt is the primary. Is there a way to change the primary/secondary for this zone?
1 Reply
There is, but I would point out first it shouldn't matter. In most use cases, a trusted cert is a trusted cert. Both GTS and LE Certs issued by Cloudflare should all be cross-signed for older Android devices too iirc, so should be same compatibility in that regard.
There's an undocumented api call you could use: https://community.cloudflare.com/t/expired-letsencrypt-root-certificate/311185/16, which should force your primary cert on next renewal to be that provider, your backup should just pick anything else (might be Sectigo or GTS)
But you can only pick between LE
lets_encrypt and GTS google these days I believe, at least for universal.
If you wanted more options, you could pay for Advanced Certificate Manager and issue your own certs via the dashboard