Using Certbot behind Cloudflare


I’d like to use Certbot for servers proxied behind the Cloudflare service. However, the default web authentication method does not work due to the following error:

Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 3959483d5a09078bdaad0dca270f18a1.ca8024b953d8e0b4cc99403e954c8916.acme.invalid from Received certificate containing ', *, *,,

I assume this is due to the fact that the Cloudflare proxy terminates the SSL. Any pointers on how I should approach this? An alternative verification method, or play around with Cloudflare rules?


Use the webroot method, or standalone with the --standalone-supported-challenges http-01 flag.
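
A pre-flight check for the webroot method suggested above, as an added example that is not part of the original thread: it confirms that a file placed in the webroot's `.well-known/acme-challenge/` directory comes back unchanged over plain HTTP, which is the path http-01 validation requests. `probe_webroot` and `demo` are hypothetical names, and the demo serves a constructed temporary webroot on 127.0.0.1 in place of a real proxied site.

```python
import functools, http.server, secrets, tempfile, threading, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # prefix requested during http-01 validation

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random probe file under the webroot's challenge directory,
    fetch it over HTTP from base_url and return True only if the body
    matches. The probe file is always removed afterwards."""
    token = "preflight-" + secrets.token_hex(8)
    body = secrets.token_hex(16).encode()
    target_dir = Path(webroot) / CHALLENGE_DIR
    target_dir.mkdir(parents=True, exist_ok=True)
    probe = target_dir / token
    probe.write_bytes(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Ignore local proxy environment variables so the request goes
    # straight to the named host.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == body
    except OSError:  # URLError and HTTPError (404, 403, ...) are OSError subclasses
        return False
    finally:
        probe.unlink()

def demo():
    """Constructed offline demo: one served webroot, one mismatched directory."""
    with tempfile.TemporaryDirectory() as webroot:
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=webroot)
        srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            base = f"http://127.0.0.1:{srv.server_address[1]}"
            served = probe_webroot(webroot, base)
            # A directory the web server does not serve, as when the
            # path given to the webroot plugin is not the real document root.
            with tempfile.TemporaryDirectory() as other:
                mismatched = probe_webroot(other, base)
            return served, mismatched
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())
```

Against a real site, call `probe_webroot` with the document root and `http://` plus the proxied hostname; a `False` result means the challenge file would not be served from that directory.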