Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: Prefer not to list
I ran this command: auto cert renewal
It produced this output: status 403
My web server is (include version): IIS
The operating system my web server runs on is (include version): Windows Server 2016
My hosting provider, if applicable, is: Self Hosted with CloudFlare DDNS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ACME V2.1.20
Not sure what change was made recently, whether it was Cloudflare or Let's Encrypt, but I always used Cloudflare with Proxying on to protect my public IP on my WebHost... Never had issues with auto cert renewal before. I have a dynamic IP and I'm using Cloudflare's DDNS tool to keep my DNS up to date with Cloudflare. I verified my IP address is reflecting properly on Cloudflare and locally. The auto-renewal script is failing with the Status 403 error. I rechecked all my DNS settings; no issues were found. As a test, I removed one of my sites from Proxying IP and attempted to renew again. This time it worked.
It appears Cloudflare Proxying is preventing renewals from working; however, no changes were made on my end. Why is this only starting to happen now? My renewals have been working for over two years now with zero issues... See image below. It appears to be unable to find the challenge directory. However, clearly 80 and 443 are open and again, it works fine with Cloudflare Proxying turned off.