Why does the name CloudFlare sometimes appear on my CertBot Certificate when I only want CertBot (Let's Encrypt) and have never used CloudFlare and never want to?
Likely because the certificate was issued by CloudFlare.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Thank you for assisting us in helping YOU!
2 Likes
I suspect that is not the case.
Cloudflare is generally known for its' CDN.
But, it is also provides DNS service [independant from CDN services].
Please answer the questions above or provide a sample public cert (that contains "Cloudflare") to continue.
3 Likes
What do you mean by this, exactly? As Certbot is just an ACME client which can be used for many different ACME servers. But Cloudflare isn't one of those ACME servers, so it's highly unlikely you'll see the name "Cloudflare" somewhere in the certificates known to Certbot.
So you probably mean something else, but what exactly?
4 Likes
A less likely speculation, but if you monitor Certbot's activity, you'll see
acme-v02.api.letsencrypt.org is an alias for prod.api.letsencrypt.org.
prod.api.letsencrypt.org is an alias for ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
so Certbot itself is routinely connecting to Cloudflare infrastructure in order to use the Let's Encrypt API (although I doubt one would describe that as seeing Cloudflare's name "on a certificate").
4 Likes
Another wild guess of what might be getting looked at here is certificate transparency timestamps from one of Cloudflare's logs, being stored on the final certificate. So Cloudflare can be involved in the normal operation of a Let's Encrypt certificate, in a way.
6 Likes
If "CloudFlare" is appearing in some sort of certificate viewer (who knows, we can spend time guessing instead) it's because you are using them for your DNS and you have that particular hostname proxied in the cloudflare control panel (the orange cloud icon next to the name in their DNS settings).
I'm guessing you're seeing something like this in your browser when you click the padlock and view the cert details:
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.