Certificate issuance issues (Regarding CloudFlare and Apache)

Note: I realize I just posted a thread a few minutes ago regarding a different issue however, based on the community guidelines I felt it would be most appropriate to create a whole new thread regarding this issue instead of derailing the other thread. I have no issue with a moderator merging this thread with my previous one :stuck_out_tongue:.

Hi guys. I’m having quite a few issues with issue certificates. I managed to issue one successfully last night however it required two rather large changes in my current setup.

Firstly I had to allow Apache to bind to all IP on my server, which presents an issue as I prefer to only allow Apache to run on one IP. Secondly I had to disable CloudFlare protection on the site (as this interferes with LE’s ability to look up the IP the A record points to.

I was wondering if it is, more specifically, possible to run Apache on an IP which is not the primary one and hence not have to allow Apache to bind to all IPs allocated to the server in order to simply issue/renew a certificate.

This wouldn’t present a huge problem, if that it, the certificates were not so short and while I personally, agree they should be just 90 days, if I am to automate this process it is important it is possible to issue/renew without making changes in my current setup.

Many thanks! Very much looking forward to a fully encrypted web with such a friendly community!

This also happened to me once I had a working certificate on https, and redirect all traffic to https from http. I forgot that I needed www. and the non www version. So to recreate the certificate I had to remove the permanent redirect and retry. #ratheranoying.

I agree. I just submitted this issue on GitHub;

Hoping to see a fix :smile:

1 Like

Regarding the Github issue I submitted, the client has been update to fix the issue I was having with Apache; https://github.com/letsencrypt/letsencrypt/issues/1739#event-486159178 (fixed by this pull request; https://github.com/letsencrypt/letsencrypt/pull/1831). The CloudFlare issue appears to only be solvable by disabling CloudFlare. With that, I’m marking this thread as [Solved] and leaving it up to a moderator as to what to do next, should they want to lock this thread they are very welcome to do so.