Could not issue an SSL/TLS certificate for my domain (

Cloudflare breaks TLS on their edge, and they do the TLS handshake themselves, so your backend TLS-ALPN-01 solver doesn't get touched. Try DNS-01 with a Cloudflare API token.


I've moved your thread to the #help section instead of #issuance-tech-questions, as it's clearly a request for help (with issuance) and not a technical issuance question.

In the #help section you would have been provided a questionnaire. Please answer all the questions below to the best of your knowledge:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


As far as I can tell

  • the domain is:
  • the web server is: cloudflare

Here is a list of issued certificates |, the one and only on 2023-03-01 by C=US, O=Google Trust Services LLC, CN=GTS CA 1P5

And using this online tool you will see an infinite redirect for

$ curl -Ii
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Mar 2023 22:36:58 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/\/report\/v3?s=h24isZZ9giVt%2F%2F2itbdmefmEAaR8ofXJHz71QhfMEvGvN1bW2bxMiFqtLzytnclEM5FCMnwdc%2FuOd0CtW7Z1sS7lgg08PpE7SbIVYwcvhHjLKt%2Bbp%2Bl0ttHF%2Bx6pYFdh%2FrP6Y3c7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a14e1bf6a82ef9c-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
$ curl -Ii
HTTP/2 301
date: Wed, 01 Mar 2023 22:37:12 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/\/report\/v3?s=Fcb3Ndeyw7ZTlbOLsxNjFXlAhTOV3nuJBdCIJvmsvVEweJ825qxFhoJQSTTP2%2FOBKrgmDFlNDGKLSBK%2BzwFjTiHXsoJIViTlv%2F2UpaIxw5MNaRe300Y8e4mT7I65x096eOuNFOrT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a14e21a0a158e60-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Actually, Let's Debug is probably even better, showing a BadRedirect ERROR


That kind of HTTPS to HTTPS redirection loop (301) can be caused by having the CDN configured to connect to the backend server via HTTP.
And the backend server returns the 301 redirection which is passed to the originating request [but that request was already HTTPS - it is the CDN that needs to be configured to use HTTPS (it won't follow the redirection - it merely passes it on)].
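
The loop described in the last reply, as a small offline model (an added example, not code from any poster or from Cloudflare). The host `example.test`, the function names, and the simplified edge behaviour are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin(scheme, host, path):
    """Backend that forces HTTPS: a plain-HTTP request gets a 301 to https://."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def edge(url, origin_scheme):
    """CDN edge (simplified): it terminates the client connection, makes its
    own request to the origin over origin_scheme, and relays the answer.
    It does not follow a redirect itself; it passes it back to the client."""
    u = urlsplit(url)
    return origin(origin_scheme, u.netloc, u.path or "/")

def follow(url, origin_scheme):
    """Client side: follow 301s until a non-redirect or a repeated URL."""
    seen = []
    while url not in seen:
        seen.append(url)
        status, location = edge(url, origin_scheme)
        if status != 301:
            return {"result": "ok", "status": status, "chain": seen}
        url = location
    # The redirect target was already requested: the chain can never end.
    return {"result": "loop", "status": 301, "chain": seen + [url]}

if __name__ == "__main__":
    start = "https://example.test/"  # constructed sample URL
    for origin_scheme in ("http", "https"):
        print(f"edge->origin over {origin_scheme}:", follow(start, origin_scheme))
```

With the edge talking HTTP to the backend, the client's HTTPS request is answered with a 301 to the same HTTPS URL, which is the pattern a redirect checker reports as a bad redirect. Switching the edge-to-origin leg to HTTPS ends the chain at the first hop.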