Let's Encrypt and Cloudflare

Hi all,

I just set-up a VPS at the amazing, independent service provider, Maadix, who automatically add and renews Let’s Encrypt SSL certificates. Our DNS provider Cloudflare seems to be screwing with it. It seems we have to upgrade to a pricey business account to upload a custom SSL certificate. I hope someone here can shed a light on that, is that true? And if not, is there something I’m missing? Should I SSH and use a certbot to finish the process? * note: I’m a newbie sys admin in training :slight_smile:

My domain is: https://discourse.publiccode.net/

My hosting provider, if applicable, is: Cloudlfare

I can login to a root shell on my machine (yes or no, or I don’t know): I need to set this up

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A yet

Many thanks in advance!

Best, D

1 Like

Hi @demkodo

if you use the ACME-client of Maadix, you should ask there.

Your configuration has some errors - https://check-your-website.server-daten.de/?q=discourse.publiccode.net

A loop

https://discourse.publiccode.net/ -> https://discourse.publiccode.net/

and a redirect

http://discourse.publiccode.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

to https.

So if the Maadix client uses http validation via http (without a redirect to https), that can’t work.

That’s a general problem using Cloudflare.

2 Likes

You can also let cloudflare use their own SSL certs for your domain. This way the public gets the cloudflare cert, and the connections from cloudflare to your server are protected with a Let’s Encrypt certificate (But you can also use a cloudflare origin CA certificate, that does not expire every three months.)

2 Likes

Hi Juergen,

Thanks so much for your fast reply! I’ll jump on it and get it sorted.
I’m aware Cloudflare is shitty, also for other reasons.

Thanks and best,
Deborah

1 Like

This sounds like a fair solution as well. I’ll mule it over, thanks for your fast reply, very helpful!

1 Like

That hasn’t been my experience. But if you don’t want them proxying your content (which you probably don’t anyway if you’re running a Discourse site), just turn off the proxy–change this:
image
to this:
image

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.