Can't create cert on Cloudflare unless not proxied?


Whenever I try to create certs on my Cloudflare domain it fails unless I turn off proxied in my DNS entries. Is there another way to fix this?

@lestaff this output in HTTP-01 looks to me like a Cloudflare interactive interstitial page. Can we tell whether it’s a Cloudflare error (in which case @HenryKleinschmidt has to fix something in the configuration) as opposed to a CAPTCHA or something? Do other HTTP-01 validations to 2606:4700:3037::681b:9e1a continue to complete successfully?

@HenryKleinschmidt could you try accessing the same /.well-known/acme-challenge resources from the error in a browser while Certbot has the challenges set up on your server? You could probably preserve this situation by using the --debug-challenges option in Certbot.


A semi-common cause of this issue is having Cloudflare configured to require a valid origin certificate, which can result in a Cloudflare interstitial with error code 525 or 526.

If you are stopping your webserver and running standalone mode, this might be the cause.

You can try to confirm by setting your SSL mode to “Flexible” in the Cloudflare control panel and trying again.
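
Added example, not written by any of the posters above: a small POSIX shell script that performs the two checks suggested in the previous replies in one go. It fetches the /.well-known/acme-challenge URL the way the validator does (following redirects), once through the Cloudflare edge and once pinned to the origin IP with curl --resolve, and classifies each response. A genuine HTTP-01 answer is the key authorization "<token>.<thumbprint>", so a 200 that carries HTML is an interstitial of some kind, while a 525 or 526 points at the origin-certificate settings discussed above (in Flexible mode Cloudflare speaks plain HTTP to the origin, so that TLS hop disappears). The domain, token and origin IP are placeholders given on the command line, and the "HTML or the word Cloudflare in the body" test is a heuristic, not a Cloudflare API.

```shell
#!/bin/sh
# Added example, not from the thread. Reproduces the HTTP-01 fetch that the
# Let's Encrypt validator performs against a Cloudflare-proxied hostname and
# classifies what came back. DOMAIN, TOKEN and ORIGIN_IP are placeholders the
# operator supplies; TOKEN is the challenge file name that
# "certbot ... --debug-challenges" leaves in place while it pauses.

# classify_response STATUS BODY TOKEN
# A real HTTP-01 response body is the key authorization "<token>.<thumbprint>"
# (RFC 8555). Anything else on a 200 is a page sitting in front of the origin.
classify_response() {
  case "$1" in
    200)
      case "$2" in
        "$3".*)
          echo "ok: body is the key authorization for the token" ;;
        *)
          # Heuristic: Cloudflare interstitials are HTML and name Cloudflare.
          if printf '%s' "$2" | grep -qiE '<html|cloudflare'; then
            echo "interstitial: HTTP 200 but an HTML page instead of the key authorization"
          else
            echo "unexpected-200: body does not start with the token"
          fi ;;
      esac ;;
    525) echo "cloudflare-525: TLS handshake with the origin failed (Full or Full (strict) mode needs a working HTTPS listener on the origin)" ;;
    526) echo "cloudflare-526: origin certificate rejected under Full (strict) mode" ;;
    5*)  echo "error-$1: 5xx error page from Cloudflare or the origin" ;;
    *)   echo "unexpected-$1" ;;
  esac
}

# fetch() prints the body followed by one final line holding the status code;
# these two helpers split that output into its parts.
status_of() { printf '%s\n' "$1" | tail -n 1; }
body_of()   { printf '%s\n' "$1" | sed '$d'; }

# fetch URL [extra curl options...]
# -L follows redirects because the validator follows them too: an
# "Always Use HTTPS" rule turns the plain-HTTP request into an HTTPS hop,
# and that hop is where a 525/526 is produced.
fetch() {
  url="$1"; shift
  curl -sS -L -m 15 -w '\n%{http_code}' "$@" "$url"
}

# check_challenge DOMAIN TOKEN ORIGIN_IP
check_challenge() {
  url="http://$1/.well-known/acme-challenge/$2"

  # 1. Through the Cloudflare edge, as the validator sees it.
  if ! raw=$(fetch "$url" 2>&1); then
    echo "proxied: curl failed: $raw"; return 1
  fi
  echo "proxied: $(classify_response "$(status_of "$raw")" "$(body_of "$raw")" "$2")"

  # 2. Straight to the origin, pinning both ports so a redirect to HTTPS also
  #    bypasses the proxy. -k because the origin may not have a cert yet.
  if ! raw=$(fetch "$url" -k --resolve "$1:80:$3" --resolve "$1:443:$3" 2>&1); then
    echo "direct: curl failed: $raw"
    echo "        (certbot --standalone serves port 80 only; if nothing answers on 443,"
    echo "        Cloudflare's Full modes have no origin HTTPS to talk to)"; return 1
  fi
  echo "direct: $(classify_response "$(status_of "$raw")" "$(body_of "$raw")" "$2")"
}

# Usage: sh check_challenge.sh example.com <token> 203.0.113.10
if [ "$#" -eq 3 ]; then check_challenge "$@"; fi
```

If the proxied fetch reports an interstitial or a 525/526 while the direct fetch reports "ok", the origin is serving the challenge correctly and the problem is in the Cloudflare configuration; if both fail, look at the origin first.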


The truncated output in the error message is all that we log, so we can’t see the rest of the HTML to figure out what type of error it was.

Pulling logs to answer questions like this is pretty time consuming, so we generally avoid it except in really unusual cases or where we have reason to believe there’s a problem on our side.

