So I have a problem where my site is now behind Cloudflare and hence could not renew using
tls-sni-01 challenge, fair, I should use
Problem is, I don’t know how to set it up properly in renewal config.
authenticator = nginx installer = nginx
is my current setup, it works without Cloudflare.
And I have ran both of these commands successfully when behind Cloudflare:
sudo certbot renew --dry-run --webroot --webroot-path /path/to/server/root sudo certbot renew --dry-run --preferred-challenge http-01
- Should I use
webrootfor authenticator instead?
- Can I keep
nginxauthenticator but enable
preferred-challengein renewal conf?
(Note that I was using
preferred-challenges, don’t know if it’s a legacy flag, but it works…)
(I edited the title to better reflect my question)