How To Use CloudFlare Along with Let's Encrypt

So,
I have Cloudflare activated on my site to hide the real IP of the VPS. In addition to that, I’ve also installed the Cloudflare Apache mod so that I get the correct IP addresses of my site visitors.

So now, when trying to renew the certificate, it is giving me errors. I can’t renew before disabling CloudFlare so the IP turns to the real one, and I really think it is not possible to maintain this every 3 months.

Is there any fix for the problem?

Thanks all,
Warm Regards

For some strange reason the questionnaire which was presented to you when you opened this thread in the Help category has disappeared. Could you try to fill it out again please, at least as best as you can? You can obfuscate your domain name, sure, but the more info we have, the better, especially the “I ran this command” and “it produced this output”. My crystal ball was broken yesterday, so you’ll have to tell us this info…

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hey!!
There you go:

I ran this command:
sudo letsencrypt renew

It produced this output:

And
(I will upload the pic in the next post since I am unable to attach 2 pics in 1 post)
My operating system is (include version): Ubuntu 16.04 (x32)
My web server is (include version): Apache2

Looking forward to your help.
Thanks.

OK, so you’re using the tls-sni-01 challenge to verify your domain. That isn’t going to work with CloudFlare active.

The best solution, IMHO, is to use the webroot challenge. That challenge works with a single file, which will pass through CloudFlare’s CDN services.

Do you have/know the original command you used to get the certificate in the first place?

Hey there,
Sorry for replying late.

The first time, the thing I did was:
I just installed the certificate first, then activated Cloudflare.

Well, apart from that, I have no knowledge about the tls-sni-01 challenge or the webroot challenge.
Can you please help me with that?

See:

https://certbot.eff.org/docs/using.html#webroot

How do you install Let’s Encrypt on Cloudflare?

Hi @trevor,

For the basic CloudFlare plans, there isn’t a way to import your own certificate, so you won’t be able to use a Let’s Encrypt certificate on the publicly-visible CloudFlare service, unless you pay for a plan that supports this option.

Many CloudFlare users won’t even benefit from a Let’s Encrypt certificate, because CloudFlare can give you its own certificate for use with your origin server (the server that you run that CloudFlare is proxying for). CloudFlare will accept that CloudFlare-issued certificate for HTTPS connections between its CDN service and your origin server, and it will issue its own publicly-trusted certificate for HTTPS connections between end-users and the CDN service.

If you do want to get a Let’s Encrypt certificate for the origin server, even though there might not be much of a reason to do so, you should note that the TLS-SNI-01 verification method doesn’t work if the Let’s Encrypt CA isn’t connecting directly to the origin service (which is true if you have CloudFlare in front of your site when you get the certificate!). Other verification methods, HTTP-01 and DNS-01, will work in this case by letting you post files on your site or update DNS records for your site.

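An added example, not part of any post in this thread: a pre-flight check for the webroot (HTTP-01) approach recommended above. It drops a throwaway file under `.well-known/acme-challenge/` in the webroot and fetches it over plain HTTP through the public, proxied hostname, so you can confirm the CDN passes the file through unchanged before asking the CA to validate. The function name `probe_webroot` and the command-line arguments are assumptions made for this sketch.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path used by HTTP-01 validation


def probe_webroot(webroot, base_url, timeout=10):
    """Write a probe file under the challenge path in `webroot`, fetch it via
    `base_url` (e.g. http://your-proxied-hostname) and return (ok, detail)."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, name)
    # Ignore HTTP(S)_PROXY environment variables: the check must follow the
    # same route an outside client takes, through the CDN to the origin.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read(4096).decode("ascii", "replace").strip()
        if served == body:
            return True, "served unchanged"
        return False, "content differs (rewrite, cache or error page in the way)"
    except urllib.error.HTTPError as exc:
        # 403/404 usually means the web server does not map this path to the webroot.
        return False, "HTTP %d for %s" % (exc.code, url)
    except (urllib.error.URLError, OSError) as exc:
        return False, "request failed: %s" % exc
    finally:
        os.remove(path)  # never leave probe files behind in the webroot


if __name__ == "__main__":
    # Usage (arguments are yours to supply): probe.py <webroot> <http://hostname>
    ok, detail = probe_webroot(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

If the probe succeeds, the webroot plugin documented at the certbot link above should be able to pass HTTP-01 validation with the proxy left enabled.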