According to Cloudflare, as long as you have the DigiCert Global Root G2, not the DigiCert Global Root CA, it should update automatically. Go to https://1.1.1.1, click on the lock icon & export the "DigiCert Global Root G2" certificate. Import to Mikrotik.
Per Cloudflare https://community.cloudflare.com/t/cert ... h/600179/3:
Per Cloudflare https://community.cloudflare.com/t/cert ... h/600179/3:
https://community.cloudflare.com/t/upco ... ver/594379We did recently renewed the DoH and DoT certificate for cloudflare-dns.com 8 and the vanity IP hosts before the previous one expires. The renewed certificate was still issued by DigiCert, the problem you’ve run into was probably related to the root certificate got switched from DigiCert Global Root CA to DigiCert Global Root G2. So if your systems did not have the Root G2 installed, they could have the issue.
The certificate will eventually be renewed with a new certificate authority, SSL.com 25. This is due to the fact that Cloudflare is in the process of deprecating DigiCert 25 as a certificate authority.
If you are pinning the certificate chain attached to the Resolver, we highly recommend that you remove the certificate pin. This will ensure that there will be no issues or downtime when the certificate renews.
Statistics: Posted by MTNick — Fri Jan 12, 2024 8:50 pm