Auto-renew Let's Encrypt when on CloudFlare

[vesta_mtl]

Hello. The domains I host with Vesta all pass through CloudFlare, so the Let's Encrypt Auto Renew fails.

This is explained by CloudFlare here: https://support.cloudflare.com/hc/en-us ... Cloudflare

In particular, they say:

"the default method used for ACME authentication by the Let's Encrypt client utilizes the DVSNI method. This will fail for a domain which has Cloudflare enabled as we terminate SSL (TLS) at our edge and the ACME server will never see the certificate the client presents at the origin. Using alternate ACME validation methods, such as DNS or HTTP will complete successfully when Cloudflare is enabled."

Then they provide instructions to use the webroot method for SSL creation.

If I use this method, will it conflict with the built-in Vesta method (the GUI and checkbox), and if so does anyone have any recommendations on the best way to proceed?

Thanks in advance.

[pepsi]

I haven't received any support, or seen many other people get solid answers, from these forums when it comes to using LetsEncrypt with Vesta even though it's a feature within the software. So unfortunately I don't know if a compatibility issue would arise.

I will say though that after doing my own research, the method I ended up choosing is with a Python hook for CloudFlare that uses DNS for authentication as opposed to the more common webroot way. This script makes it really quick and easy, and you can set up a cronjob for it to renew/check renewal every day. Is this an ideal solution? Not really. I'd rather have either a solution or some sort of explanation from the Vesta team on how to "properly" do this, but I don't think that will be coming any time soon.

Here is a link to the script I'm using:
https://github.com/kappataumu/letsencry ... flare-hook

[Dismo]

Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!

[pepsi]

Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!

Thank you for sharing! Tested and working here!

[vesta_mtl]

Thanks for sharing. It seems CloudFlare no longer prevents the autorenew for me. It just started working without me changing anything. But I’ll come back to your solution if ever I need it. Thanks again for sharing!