Looking for Automatic Renewal behind Cloudflare Zero Trust Tunnel solution

My domain is: https://replyreach.app
I ran this command: sudo certbot renew --dry-run *test
It produced this output: Simulating renewal of an existing certificate for replyreach.app Failed to renew certificate replyreach.app with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
My web server is: (locally hosted apache web server behind Cloudflare tunnel)
The operating system my web server runs on: Ubuntu 22.04.1 LTS - Jammy
I can login to a root shell on my machine: Yes

The web server is hosted in my home behind a Cloudflare Zero Trust tunnel. My workaround for this is a manual process on every renewal, but I am hoping to somehow find an automatic solution. The manual process works. This is the process:

  1. Change Cloudflare tunnel to HTTP
  2. sudo service apache2 stop (to clear port 80)
  3. sudo certbot renew (wait for it to renew)
  4. sudo service apache2 stop
  5. Change Cloudflare tunnel back to HTTPS
  6. sudo service apache2 start

Not an expert with Linux or SSL. If anyone knows of a better way to do this, please let me know. Thanks

You may want to use Cloudflare's origin certificate if you always access that site through Cloudflare.

6 Likes

Are you able to use DNS-01 authentication instead?

6 Likes
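As an added example (not posted by anyone in this thread), here is how the DNS-01 suggestion above replaces the six manual steps in the original post: with the `certbot-dns-cloudflare` plugin (Ubuntu package `python3-certbot-dns-cloudflare`), validation happens through a TXT record in the zone, so certbot never needs port 80, Apache never has to stop, and the tunnel never has to be switched between HTTP and HTTPS. Assumptions not in the thread: the credentials path `/root/.secrets/certbot/cloudflare.ini`, a Cloudflare API token scoped to DNS edit for the zone (a placeholder here), and `systemctl reload apache2` as the deploy hook.

```shell
#!/usr/bin/env bash
# Added example: issue/renew the replyreach.app certificate with DNS-01 via
# the certbot-dns-cloudflare plugin. Assumed (not from the thread): the
# credentials path below and a Cloudflare API token with DNS edit rights.
set -eu

DOMAIN="replyreach.app"
CREDS="${CF_CREDS:-/root/.secrets/certbot/cloudflare.ini}"   # assumed path

# Write the plugin's credentials file so that only its owner can read it.
# certbot refuses group/world-readable credential files, so this matters.
write_cf_credentials() {
  path="$1"; token="$2"
  mkdir -p "$(dirname "$path")"
  ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$path" )
  chmod 600 "$path"
}

# Returns 0 only if the credentials file exists and has mode 0600.
check_secret_perms() {
  [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# Build the one-time command that re-issues the cert with the DNS plugin.
# After this, the stock certbot.timer keeps renewing it the same way.
# --deploy-hook reloads Apache only when a new certificate actually lands.
certonly_cmd() {
  printf 'certbot certonly --dns-cloudflare --dns-cloudflare-credentials %s -d %s --deploy-hook "systemctl reload apache2"\n' \
    "$1" "$DOMAIN"
}

main() {
  # Create the credentials file on first run if a token was supplied.
  if [ -n "${CF_API_TOKEN:-}" ] && [ ! -f "$CREDS" ]; then
    write_cf_credentials "$CREDS" "$CF_API_TOKEN"
  fi
  if check_secret_perms "$CREDS"; then
    echo "credentials ok: $CREDS"
    echo "run this once, then 'certbot renew --dry-run' to confirm:"
    certonly_cmd "$CREDS"
  else
    echo "no usable credentials at $CREDS (set CF_API_TOKEN to create one)" >&2
  fi
}
main
```

Run it once as root with `CF_API_TOKEN` set to create the credentials file, then execute the printed `certbot certonly` command; from then on the existing `certbot renew` timer uses the saved renewal configuration and the plugin, and `sudo certbot renew --dry-run` should pass without the port 80 error. If you would rather keep the standalone authenticator, certbot's `--pre-hook`/`--post-hook` options can run the `apache2` stop and start steps for you, but the tunnel HTTP/HTTPS switch would still be manual, which is why DNS-01 fits a tunneled origin better.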