Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: new instance of site, so old domain isn't helpful
I ran this command: I ran the Amazon Lightsail Tutorial on using bncert tool for automated SSL certificate. It worked great for two weeks, then we switched DNS from GoDaddy to Cloudflare and it killed the site.
It produced this output: 302 redirect failures and when looking at the direct IP for the server it couldn't find the wp-admin or wp-login pages.
My web server is (include version): Amazon Lightsail
The operating system my web server runs on is (include version): Apache2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): I can SSH into the server and can access site from FTP.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): bncert-tool
What issue would cause there to be an internal domain name routing issue after changing DNS provider?
But, my guess w/out that is you proxied the domain name in Cloudflare and now have the Cloudflare CDN SSL settings such that it is causing problems with your Origin Server.
Try disabling the "proxy" of the DNS in Cloudflare so that it operates as a regular DNS provider and go from there.
Or, give us the domain name so we can research it better.
The only reason it seems like a Let's Encrypt issue is that after turning off Cloudflare proxy and switching back to original setup, it would hit the server and die. There became an issue with internal routing. It wasn't able to land on the home page or login page.
We disabled plugins and re-issued a new certificate and the wp-admin page and home page were unable to be found/displayed.
It seemed to be an internal domain routing error, and Let's Encrypt was the only thing on server that would have touched these areas.
I can provide, but we created a new instance of the site and rebuilt, so running tools on the domain would no longer diagnose that server's issues unfortunately. We needed to get things up again.
That said, I did turn off Cloudflare proxy and it still was not able to display the home page, wp-admin page, or the wp-login page.
We turned off plugins as well and this wasn't causing the redirect.
I used the BNCERT tool to create certificate, re-direct HTTP to HTTPS, non-www to www, and did not route www to non-www. The only change after this was moving from GoDaddy DNS where A record was the server static IP to Cloudflare custom nameservers where we tried with both proxy on and proxy off.
Additional errors we saw were that it stopped picking up the wp-admin page and home page, though we didn't touch these before or after DNS change.
Any other thoughts on this outside of Proxy being turned off in Cloudflare?
No, you have only provided very general info so I can't offer specific advice.
You might want to ask on a WordPress forum, the Cloudflare community, an Apache forum, or the bncert docs.
A 302 is issued by your own server (or, say, the Cloudflare CDN maybe when proxied), not by Let's Encrypt. And, not being able to see your pages is also a server problem, not a certificate problem.
I don't see anything in your description that indicates a Let's Encrypt cert issue.