Cloudflare breaks TLS on their edge, and they do the TLS handshake themselves, so your backend TLS-ALPN-01 solver doesn't get touched. Try dns-01 with a Cloudflare API token.
I've moved your thread to the #help section instead of #issuance-tech-questions, as it's clearly a request for help (with issuance) and not a technical issuance question.
In the #help section you would have been provided a questionnaire, please answer all the questions below to the best of your knowledge:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
As far as I can tell
- the domain is: hrinnovative.com.my
- the web server is: cloudflare
Here is a list of issued certificates crt.sh | hrinnovative.com.my, the one and only on 2023-03-01 by C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
And using this online tool https://www.redirect-checker.org/ you will see an infinite redirect for https://hrinnovative.com.my/.well-known/acme-challenge/sometestfile
$ curl -Ii http://hrinnovative.com.my/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Mar 2023 22:36:58 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://hrinnovative.com.my/.well-known/acme-challenge/sometestfile
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h24isZZ9giVt%2F%2F2itbdmefmEAaR8ofXJHz71QhfMEvGvN1bW2bxMiFqtLzytnclEM5FCMnwdc%2FuOd0CtW7Z1sS7lgg08PpE7SbIVYwcvhHjLKt%2Bbp%2Bl0ttHF%2Bx6pYFdh%2FrP6Y3c7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a14e1bf6a82ef9c-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
$ curl -Ii https://hrinnovative.com.my/.well-known/acme-challenge/sometestfile
HTTP/2 301
date: Wed, 01 Mar 2023 22:37:12 GMT
content-type: text/html; charset=iso-8859-1
location: https://hrinnovative.com.my/.well-known/acme-challenge/sometestfile
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fcb3Ndeyw7ZTlbOLsxNjFXlAhTOV3nuJBdCIJvmsvVEweJ825qxFhoJQSTTP2%2FOBKrgmDFlNDGKLSBK%2BzwFjTiHXsoJIViTlv%2F2UpaIxw5MNaRe300Y8e4mT7I65x096eOuNFOrT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a14e21a0a158e60-PDX
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Actually, Let's Debug is probably even better, showing a BadRedirect ERROR: https://letsdebug.net/hrinnovative.com.my/1392313
That kind of HTTPS to HTTPS redirection loop (301) can be caused by having the CDN configured to connect to the backend server via HTTP.
And the backend server returns the 301 redirection which is passed to the originating request [but that request was already HTTPS - it is the CDN that needs to be configured to use HTTPS (it won't follow the redirection - it merely passes it on)].
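A way to confirm the loop described in the last reply without a browser, as an added example that is not part of any post in this thread: it follows redirects by hand and flags an HTTPS URL that redirects to itself. The function names and the REPLAY table (built from the two curl responses quoted above) are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def head(url):
    """Live fetcher: one HEAD request, redirects NOT followed. Returns (status, Location)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=head, max_hops=10):
    """Walk the redirect chain hop by hop and classify how it ends."""
    seen, hops = set(), []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status not in (301, 302, 303, 307, 308) or not location:
            return "final", hops
        seen.add(url)
        target = urljoin(url, location)  # Location may be relative
        if target == url and urlsplit(url).scheme == "https":
            # HTTPS URL redirecting to itself: the pattern this thread attributes
            # to the CDN reaching the origin over plain HTTP.
            return "https-self-redirect", hops
        if target in seen:
            return "loop", hops
        url = target
    return "too-many-redirects", hops

# Constructed replay of the two curl responses shown in the thread (no network needed).
PATH = "hrinnovative.com.my/.well-known/acme-challenge/sometestfile"
REPLAY = {"http://" + PATH: (301, "https://" + PATH),
          "https://" + PATH: (301, "https://" + PATH)}

if __name__ == "__main__":
    verdict, hops = trace_redirects("http://" + PATH, fetch=REPLAY.__getitem__)
    for hop_url, status in hops:
        print(status, hop_url)
    print("verdict:", verdict)
```

Calling `trace_redirects(url)` without the `fetch` argument uses the live `head` fetcher, which is useful for re-checking after the CDN-to-origin setting has been changed.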