I’ve been running Ubuntu+Serverpilot+Letsencrypt successfully for a while. Installation and renewal were configured using this automatic script: https://github.com/rehmatworks/serverpilot-letsencrypt
A few months ago I installed Cloudflare to act as a global proxy cache for all my pages and files, and I discovered (the hard way) that this broke certificate renewal. I’ve looked at the options for renewing certificates that are behind the Cloudflare proxy and one recommendation is webroot, but I don’t think that’s right for me because I configured my server to redirect all http traffic to https and I like to keep it that way.
Then there is the DNS option, for which there is the Cloudflare plugin: https://certbot-dns-cloudflare.readthedocs.io/en/latest/
This seems like the correct solution for me but I have 3 questions:
1. The Ubuntu package I have now doesn’t support DNS renewal, so I guess I’ll have to uninstall that and install the latest version manually. Is there any documentation for this upgrade path?
2. My certificates were installed with the letsencrypt command (version 0.4) but now I see the documentation refers to “certbot” as the main command. Will the latest certbot command still read my certs and renewal/.conf files from /etc/letsencrypt?
3. My certificates are currently renewed using this command in cron: “sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload” – Will I simply replace this with the Cloudflare renewal command, or do I also have to update my /renewal/.conf files to indicate the usage of DNS01 renewal? Or do I have to delete my certificates and install new ones? (I hope not, because I have no experience with manual installation and nginx configuration.)