How to check SSL certificate expiry on Cloudflare
Cloudflare auto-renews the edge certificate it presents to visitors, but the origin certificate on your server (used with “Full (strict)” mode) does not auto-renew and is a frequent cause of outages.
Check the edge certificate visitors see
This is the certificate Cloudflare presents at its edge. It’s usually auto-managed, but worth confirming.
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null \
  | openssl x509 -noout -dates -issuer
Check the origin certificate
In the Cloudflare dashboard go to SSL/TLS → Origin Server to see your origin certificate’s validity. Cloudflare Origin CA certs can be valid up to 15 years — but they still expire, and nothing reminds you. Monitor the origin host directly (not through the edge).
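One way to monitor the origin directly, as an added example rather than code from the original page: it connects to the origin's own IP while sending the site's hostname as SNI, then classifies the certificate with openssl's -checkend. The function names, the 30-day threshold and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the origin certificate without going through the edge.
# Function names, the default threshold and the sample IP are hypothetical.

# fetch_origin_cert HOST ORIGIN_IP [PORT]
# Connects to the origin's own address (not the proxied hostname) and prints
# the leaf certificate it presents for HOST, in PEM form.
fetch_origin_cert() {
    echo | openssl s_client -servername "$1" -connect "$2:${3:-443}" 2>/dev/null \
        | openssl x509 -outform PEM 2>/dev/null
}

# cert_status PEM_FILE [WARN_DAYS]
# Prints one word and returns a matching code:
#   OK (0), WARN (1, expires within WARN_DAYS), EXPIRED (2), UNREADABLE (3)
cert_status() {
    pem=$1
    warn_days=${2:-30}
    # An empty or non-certificate file usually means the connection failed,
    # for example an origin firewall that only admits Cloudflare addresses.
    # Report that separately instead of calling it "expired".
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED"; return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "WARN"; return 1
    fi
    echo "OK"; return 0
}

# check_origin HOST ORIGIN_IP [PORT] [WARN_DAYS]
# Fetches the origin certificate and reports its status.
check_origin() {
    pem_tmp=$(mktemp) || return 3
    fetch_origin_cert "$1" "$2" "${3:-443}" > "$pem_tmp" || true
    cert_status "$pem_tmp" "${4:-30}"
    origin_rc=$?
    rm -f "$pem_tmp"
    return "$origin_rc"
}

# Usage from cron or a monitoring job (203.0.113.10 is a constructed address):
#   check_origin example.com 203.0.113.10 443 30 || echo "origin cert needs attention"
```

A Cloudflare Origin CA certificate is not publicly trusted, which is why the check reads only the dates and does not rely on chain verification.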
Don’t want to run this by hand every month?
SSLNudge checks Cloudflare endpoints daily and alerts you before expiry.
Tip: paste a hostname into the free SSL checker to see its expiry right now.