Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
NGINX - Unknown version
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): 0.30.2
Okay, so my question
I already have my certificate for my website. I really don’t want to regenerate it, because that would mean ensuring I generate the certificate for my domains, and it’s 20+ subdomains. Along with that, one of the subdomains is hosted on a separate server, which means sending over the certificate, ensuring I have the system using the new certificate, and running tests on everything, and ensuring nothing starts throwing errors.
However, CloudFlare doesn’t like my certificate. I don’t use theirs, because if I disable CloudFlare, it then throws errors. That’s why I use LetsEncrypt. However, now if I do enable it, I can’t access my site. I’m assuming it’s because CloudFlare doesn’t have my encryption info. However, on the control panel, to add it, it asks for a CSR. I frankly have no clue what a CSR is. However, I do know I need to somehow get one, but I can’t have it replace my already existing certificates.
Just in case this is helpful, I don’t use LetsEncrypt’s CLI tool to generate the profile for NGINX. I select “None of the Above” for my web software. I don’t want it messing up my many NGINX config files. I have a specific location I store my systems keys, so I copy the keys from wherever LetsEncrypt puts them, to that location. Then my webserver and email server ( already knowing that location ) easily switch over.
Sorry if I’m missing something. I saw topics talking about generating new certificates to get a CSR, but replacing all of my certificates, updating everything, ensuring everything took effect, and making sure some of the more panicky browsers don’t have a hissy fit ( like Safari did when I updated my certificate before it expired ).
Thanks in advanced!