Let's Encrypt and Cloudflare

demkodo · April 2, 2020, 8:51am

Hi all,

I just set-up a VPS at the amazing, independent service provider, Maadix, who automatically add and renews Let’s Encrypt SSL certificates. Our DNS provider Cloudflare seems to be screwing with it. It seems we have to upgrade to a pricey business account to upload a custom SSL certificate. I hope someone here can shed a light on that, is that true? And if not, is there something I’m missing? Should I SSH and use a certbot to finish the process? * note: I’m a newbie sys admin in training

My domain is: https://discourse.publiccode.net/

My hosting provider, if applicable, is: Cloudlfare

I can login to a root shell on my machine (yes or no, or I don’t know): I need to set this up

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A yet

Many thanks in advance!

Best, D

JuergenAuer · April 2, 2020, 9:05am

Hi @demkodo

if you use the ACME-client of Maadix, you should ask there.

Your configuration has some errors - https://check-your-website.server-daten.de/?q=discourse.publiccode.net

A loop

https://discourse.publiccode.net/ -> https://discourse.publiccode.net/

and a redirect

http://discourse.publiccode.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

to https.

So if the Maadix client uses http validation via http (without a redirect to https), that can't work.

That's a general problem using Cloudflare.

9peppe · April 2, 2020, 9:08am

You can also let cloudflare use their own SSL certs for your domain. This way the public gets the cloudflare cert, and the connections from cloudflare to your server are protected with a Let's Encrypt certificate (But you can also use a cloudflare origin CA certificate, that does not expire every three months.)

demkodo · April 2, 2020, 9:09am

Hi Juergen,

Thanks so much for your fast reply! I’ll jump on it and get it sorted.
I’m aware Cloudflare is shitty, also for other reasons.

Thanks and best,
Deborah

demkodo · April 2, 2020, 9:11am

This sounds like a fair solution as well. I’ll mule it over, thanks for your fast reply, very helpful!

danb35 · April 2, 2020, 11:10am

That hasn't been my experience. But if you don't want them proxying your content (which you probably don't anyway if you're running a Discourse site), just turn off the proxy--change this:

to this:

system · May 2, 2020, 11:10am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Root certificate and verification. Help	3	161	August 8, 2024
Let's make Let's Encrypt work with Cloudflare Help	36	6085	February 10, 2021
Certbot with nginx reverse proxy and CloudFlare Server	3	2246	August 21, 2017
How To Use CloudFlare Along with Let's Encrypt Help	9	7182	April 16, 2017
Let's Encrypt with Cloudflare (Apache) Help	10	1313	March 12, 2023

Let's Encrypt and Cloudflare

Related topics