SSL certificates are not renewing

Problem statement

The SSL certificates have a close date to expiry and are not renewing themselves.

Solution

Cloudflare has made a change to their allowed Certificate Authorities, and will no longer support DigiCert. Starting November 1, 2022, certificate renewals may occur with a different CA. As long as you are not pinning certificates, no action is required.

If you are currently using AWS Cognito, it requires updating the thumbprint information in Cognito identity provider configurations. This must be updated with all of the following thumbprints to ensure that the replacement certificate is accepted:

CABD2A79A1076A31F21D253635CB039D4329A5E8
151682F5218C0A511C28F4060A73B9CA78CE9A53
BDB1B93CD5978D45C6261455F8DB95C75AD153AF
933C6DDEE95C9C41A40F9F50493D82BE03AD87BF

Regarding Cloudflare, our team is still working on this. Once we have more information, we will update and send notifications.