auto-renew certbot with Cloudflare












0















I am running nginx and cloudflare. For nginx ssl I use letsencrypt via certbot, which handles the connection from my server to cloudflare. cloudflare itself has an additional certificate, which handles the connections between cloudflare and the website users. The problem is now that I have to pause cloudlfare everytime when I renew letsencrypt:



sudo certbot renew


Else I get an error:




Incorrect validation certificate for tls-sni-01 challenge requested.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.




Is there another way to auto renew it without pausing cloudflare?






cloudflare lets-encrypt certbot auto-renewing







share|improve this question



























    0















    I am running nginx and cloudflare. For nginx ssl I use letsencrypt via certbot, which handles the connection from my server to cloudflare. cloudflare itself has an additional certificate, which handles the connections between cloudflare and the website users. The problem is now that I have to pause cloudlfare everytime when I renew letsencrypt:



    sudo certbot renew


    Else I get an error:




    Incorrect validation certificate for tls-sni-01 challenge requested.
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.




    Is there another way to auto renew it without pausing cloudflare?






    cloudflare lets-encrypt certbot auto-renewing







    share|improve this question

























      0












      0








      0








      I am running nginx and cloudflare. For nginx ssl I use letsencrypt via certbot, which handles the connection from my server to cloudflare. cloudflare itself has an additional certificate, which handles the connections between cloudflare and the website users. The problem is now that I have to pause cloudlfare everytime when I renew letsencrypt:



      sudo certbot renew


      Else I get an error:




      Incorrect validation certificate for tls-sni-01 challenge requested.
      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.




      Is there another way to auto renew it without pausing cloudflare?






      cloudflare lets-encrypt certbot auto-renewing







      share|improve this question














      I am running nginx and cloudflare. For nginx ssl I use letsencrypt via certbot, which handles the connection from my server to cloudflare. cloudflare itself has an additional certificate, which handles the connections between cloudflare and the website users. The problem is now that I have to pause cloudlfare everytime when I renew letsencrypt:



      sudo certbot renew


      Else I get an error:




      Incorrect validation certificate for tls-sni-01 challenge requested.
      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.




      Is there another way to auto renew it without pausing cloudflare?






      cloudflare lets-encrypt certbot auto-renewing




      cloudflare lets-encrypt certbot auto-renewing






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 29 '18 at 13:32









      saitamsaitam

      887829




      887829
























          1 Answer
          1






          active

          oldest

          votes


















          1














          I ran into this before and thought some Cloudflare page rules would help



          Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



          Rule 2 http://*.domain.com/ => Always use HTTPS



          This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.






          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53970028%2fauto-renew-certbot-with-cloudflare%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            I ran into this before and thought some Cloudflare page rules would help



            Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



            Rule 2 http://*.domain.com/ => Always use HTTPS



            This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.






            share|improve this answer




























              1














              I ran into this before and thought some Cloudflare page rules would help



              Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



              Rule 2 http://*.domain.com/ => Always use HTTPS



              This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.






              share|improve this answer


























                1












                1








                1







                I ran into this before and thought some Cloudflare page rules would help



                Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



                Rule 2 http://*.domain.com/ => Always use HTTPS



                This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.






                share|improve this answer













                I ran into this before and thought some Cloudflare page rules would help



                Rule 1 http://.domain.com/.well-known/acme-challenge/ => cache level = standard



                Rule 2 http://*.domain.com/ => Always use HTTPS



                This seemed to work fine for all my domains until just today, one of them failed to renew certbot correctly, so I am also interested in anybody else's input.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 8 at 10:03









                scollonpscollonp

                212




                212






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53970028%2fauto-renew-certbot-with-cloudflare%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Monofisismo

                    Image
                    Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
                    Read more

                    compose and upload a new article using a custom form

                    Image
                    -5 1 I'm starting to learn about php trying to achieve the goal of make my first custom form. From what I understand, it's possible to collect data from a form you can compose and customize to get information like title, subtitle, uploaded images and of course the main text of a supposed post and collect them in an html file that the form itself plus a php file can store in a folder on my server. what i would like to understand better is if i can compose the form making it be able to include the collected information between pieces of code i don't wanna write anytime in the fields of the form. i also need to understand how to make it be able to save the final html file with a different suffix like an increasing number at the end of the name to be sure no older file created this way is going to be lost...
                    Read more

                    How to correct the classpath of spring boot application so that it contains a single, compatible version of...

                    Image
                    0 I am trying to add a participantRepository interface (which implements CrudRepository) to my spring boot application. But the basic code for this interface gives an error when it is run saying that the classpath of the application must be corrected. How can I do this and is there another modification I can do to run the code correctly? //Participant class package com.example.spring2.participants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.persistence.Entity; import javax.persistence.Id; import java.util.List; @Entity public class Participant { @Id private String name; private int age; private String job; @Autowired private ParticipentService participentService; public Participant(...
                    Read more