Using Certbot behind Cloudflare


#1

I’d like to use Certbot for the servers proxied behind Cloudflare service. However the default web authentication method does not work due to following error:

Domain: customer1.staging.example.com
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested 3959483d5a09078bdaad0dca270f18a1.ca8024b953d8e0b4cc99403e
954c8916.acme.invalid from 162.159.243.252:443. Received
certificate containing 'ssl374323.cloudflaressl.com,
*.najambaug.in, *.example.com, najambaug.in, example.com

I assume this is due to the fact Cloudflare proxy terminates the SSL. Any pointers how I should approach this? Alternative verification method or play around with Cloudflare rules?


#2

Use the webroot method or standalone with the --standalone-supported-challenges http-01 flag