auto-renew certbot with Cloudflare



























I am running nginx and Cloudflare. For nginx ssl I use letsencrypt via certbot, which handles the connection from my server to Cloudflare. Cloudflare itself has an additional certificate, which handles the connections between Cloudflare and the website users. The problem is now that I have to pause Cloudflare every time I renew letsencrypt:



sudo certbot renew


Else I get an error:




Incorrect validation certificate for tls-sni-01 challenge requested.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.




Is there another way to auto renew it without pausing cloudflare?










      cloudflare lets-encrypt certbot auto-renewing
















      asked Dec 29 '18 at 13:32









      saitam
























          1 Answer














          I ran into this before and thought some Cloudflare page rules would help:



          Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



          Rule 2 http://*.domain.com/ => Always use HTTPS



          This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.
















                answered Jan 8 at 10:03









                scollonp
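To see which challenge a renewal will attempt without pausing Cloudflare first, the stored renewal settings can be inspected. This is an added example, not part of the question or the answer; it assumes certbot's renewal file has a `[renewalparams]` section with `authenticator` and `pref_challs` keys, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report whether a certbot
# renewal config uses a challenge that survives a TLS-terminating proxy.

# Print KEY's value from the [renewalparams] section of a renewal conf.
renewal_param() {  # usage: renewal_param FILE KEY
  awk -F' *= *' -v key="$2" '
    /^\[/ { in_params = ($0 == "[renewalparams]"); next }
    in_params && $1 == key { print $2; exit }
  ' "$1"
}

# blocked : tls-sni-01 needs the validator to complete a TLS handshake with
#           the origin on 443, but the proxy answers with its own edge cert
# ok-http : http-01 is fetched from /.well-known/acme-challenge/ on port 80
# ok-dns  : dns-01 is checked via a TXT record, no connection to the origin
# unknown : challenge not pinned, so the plugin default decides
proxy_verdict() {  # usage: proxy_verdict FILE
  local auth first
  auth=$(renewal_param "$1" authenticator)
  first=$(renewal_param "$1" pref_challs)
  first=${first%%,*}                      # value is a list: keep first preference
  case "$auth" in
    dns-*)   echo ok-dns;  return ;;      # DNS plugins only do dns-01
    webroot) echo ok-http; return ;;      # webroot only does http-01
  esac
  case "$first" in
    tls-sni-01) echo blocked ;;
    http-01)    echo ok-http ;;
    dns-01)     echo ok-dns ;;
    *)          echo unknown ;;
  esac
}

# Constructed sample resembling /etc/letsencrypt/renewal/<name>.conf
sample=$(mktemp)
cat > "$sample" <<'EOF'
version = 0.26.1
[renewalparams]
authenticator = nginx
installer = nginx
pref_challs = tls-sni-01,
EOF
echo "sample renewal config: $(proxy_verdict "$sample")"
```

A `blocked` result means the renewal has to move to http-01 or dns-01, for example by re-running certbot with `--preferred-challenges http`. `certbot renew --dry-run` then exercises the new setting without issuing a real certificate.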





























