Cloudflare renewal problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kborowy.pl

I ran this command: renew dry run

It produced this output:
Attempting to renew cert (kborowy.pl) from /etc/letsencrypt/renewal/kborowy.pl.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for kborowy.pl:. Skipping.

My web server is (include version): apache 2.4 as i remember

The operating system my web server runs on is (include version):centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): y

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.7.0

What can be done to make it working via cloudflare?

1 Like

Try this to test:

sudo certbot certonly --webroot -w /var/www/html -d "kborowy.pl,www.kborowy.pl" --dry-run

If that succeeds, run this:

sudo certbot run --webroot -w /var/www/html -d "kborowy.pl,www.kborowy.pl" --deploy-hook "sudo apachectl -k graceful"


You should consider using a Cloudflare Origin CA certificate rather than a Let's Encrypt certificate. They last much longer and are easier to manage via Cloudflare.

2 Likes

Hi griffin, thanks for response.
Nothing from certbot commands work.

Please, cause i see not really clear this cloudflare pages. When i got letsencrypt cert and use it via cloudflare i should see (with strict full encryption) letsenrcypt cert when checking green padlock info.

What should i see when i am using cloudflare origin cert? Cause now i see one year cert, not 15 y one. Is it ok?
Check my webpage please and let me know.
On CL pages i see green medal on origin server and 2 green padlocks. How can i verify if it is all working fine?

1 Like

You will never see a Let's Encrypt certificate through Cloudflare when checking the padlock unless you have a premium Cloudflare plan and upload your own certificate. If you visit the "end-to-end" link I gave you, you'll see why. A Let's Encrypt certificate only covers between Cloudflare and your server. That's also what a Cloudflare Origin CA certificate covers. The certificate you see in the image below is the Cloudflare certificate that covers between your visitors and Cloudflare. It's the only certificate that you (or your visitors) will ever see.

Exhibit A:

Are You sure You need premium plan?

1 Like

Is there any way to check webpage plan (webpage which is not mine) ?

1 Like

Absolutely.


I assume you would only know specifically by looking at the Cloudflare account. You could infer the plan type based on the usage of more advanced features (like Custom SSL).

Only if you require a Let's Encrypt visible to the users webbrowser. Note that CloudFlare certificates are trusted and secure too..

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.