Cloudflare CA deprecated?

We've got multiple domains under different plans (one partial enterprise, most business, the rest free) that are proxied.

Many/most of our domains were looking like

CN=sni.cloudflaressl.com, CA=Cloudflare Inc

CN=sni.cloudflaressl.com, CA=Cloudflare Inc

CN=sni.cloudflaressl.com, CA=Cloudflare Inc

CN=sni.cloudflaressl.com, CA=Cloudflare Inc

but nowadays we're getting a lot of Google and Let's Encrypt issuances with hostnames as CN.

re the:

Issuer: CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US
Issuer: CN=Cloudflare Inc RSA CA-2,O=Cloudflare\, Inc.,C=US

Issuer: CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US
Issuer: CN=Cloudflare Inc RSA CA-2,O=Cloudflare\, Inc.,C=US

Issuer: CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US
Issuer: CN=Cloudflare Inc RSA CA-2,O=Cloudflare\, Inc.,C=US

Issuer: CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US
Issuer: CN=Cloudflare Inc RSA CA-2,O=Cloudflare\, Inc.,C=US

CAs being deprecated? If they're sticking around, we're missing an injected CAA record for it, should we have something?

Cloudflare CA deprecated?

Similar Threads

Similar Threads

Similar Threads