IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: srpeter.com
Type: tls
Detail: remote error: tls: handshake failure
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
you have an up-to-date TLS configuration that allows the server to
communicate with the Certbot client.
This page (http://poke.srpeter.com/) is currently offline. However, because the site uses Cloudflare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by Cloudflare
Let's Encrypt checks the HTTP version.
Perhaps use --manual and DNS validation, and create the DNS entry manually to get your first certificate.
TLS-SNI-01 validation can't be used through Cloudflare's reverse proxy. (TLS-SNI-01 is also deprecated for other reasons.)
You can add "--preferred-challenges http-01" to use HTTP-01 validation.
However, stretch has an older version of Certbot (0.10.2), and that will probably fail.
However however, stretch-backports has a quite recent version of Certbot. You should probably enable it and upgrade Certbot.
Additionally, stretch-backports includes Certbot's Cloudflare DNS plugin in the python3-certbot-dns-cloudflare package, if you want to try it.
Edit:
Additionally additionally, for Cloudflare proxied domains, you might want to skip Certbot and Let's Encrypt and use Cloudflare's Origin CA. (It issues certificates that are trusted by Cloudflare's CDN servers but not by browsers.)