Vesta Control Panel - Forum

Auto-renew Let's Encrypt when on CloudFlare

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM

Post by vesta_mtl » Sun Aug 13, 2017 11:41 am

Hello. The domains I host with Vesta all pass through CloudFlare, so the Let's Encrypt Auto Renew fails.

This is explained by CloudFlare here: https://support.cloudflare.com/hc/en-us ... Cloudflare

In particular, they say:
"the default method used for ACME authentication by the Let's Encrypt client utilizes the DVSNI method. This will fail for a domain which has Cloudflare enabled as we terminate SSL (TLS) at our edge and the ACME server will never see the certificate the client presents at the origin. Using alternate ACME validation methods, such as DNS or HTTP will complete successfully when Cloudflare is enabled."
Then they provide instructions to use the webroot method for SSL creation.

If I use this method, will it conflict with the built-in Vesta method (the GUI and checkbox), and if so does anyone have any recommendations on the best way to proceed?

Thanks in advance.

Post by pepsi » Sun Aug 13, 2017 7:00 pm

I haven't received any support, or seen many other people get solid answers, from these forums when it comes to using LetsEncrypt with Vesta even though it's a feature within the software. So unfortunately I don't know if a compatibility issue would arise.

I will say though that after doing my own research, the method I ended up choosing is with a Python hook for CloudFlare that uses DNS for authentication as opposed to the more common webroot way. This script makes it really quick and easy, and you can set up a cronjob for it to renew/check renewal every day. Is this an ideal solution? Not really. I'd rather have either a solution or some sort of explanation from the Vesta team on how to "properly" do this, but I don't think that will be coming any time soon.

Here is a link to the script I'm using:
https://github.com/kappataumu/letsencry ... flare-hook

Post by Dismo » Tue Sep 05, 2017 11:07 pm

Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!
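
A preflight check for the Page Rule approach in the post above, added here as an example and not part of the thread or of Vesta: it requests a probe file under /.well-known/acme-challenge/ over plain HTTP without following redirects, and reports whether the edge forced HTTPS on that path (the rule-ordering problem the post warns about) or served the file. The probe file name and its contents are assumptions; place such a file in the domain's webroot yourself before running it.

```python
"""Preflight: is the ACME HTTP-01 challenge path served over plain HTTP at the edge?"""
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; urllib then raises HTTPError carrying the 3xx


def classify(status, location, body, expected):
    """Map one response for the probe URL to a verdict string."""
    if status in (301, 302, 303, 307, 308):
        if urlsplit(location or "").scheme == "https":
            return "redirected-to-https"  # edge forced HTTPS on the challenge path
        return "redirected-elsewhere"
    if status == 200:
        # A 200 with different content usually means an interstitial or another vhost.
        return "ok" if body.strip() == expected else "wrong-body"
    if status == 404:
        return "not-found"  # a server answered, but the probe file is not in its webroot
    return "blocked-or-error"


def probe(domain, name, expected, timeout=10):
    """Fetch http://<domain>/.well-known/acme-challenge/<name> without following redirects."""
    url = "http://" + domain + ACME_PREFIX + name
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify(resp.status, None, body, expected)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Location"), "", expected)
    except OSError:  # DNS failure, refused connection, timeout
        return "blocked-or-error"


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage (hypothetical file name): preflight.py <domain> <probe-file-name> <probe-file-contents>
    verdict = probe(*sys.argv[1:4])
    print(verdict)
    sys.exit(0 if verdict == "ok" else 1)
```

Run from a daily cron job, a non-zero exit gives early notice that a later Page Rule change has started covering the challenge path.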

Post by pepsi » Sun Oct 01, 2017 4:00 am

Dismo wrote:
Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!

Thank you for sharing! Tested and working here!

Post by vesta_mtl » Sun Oct 01, 2017 2:09 pm

Thanks for sharing. It seems CloudFlare no longer prevents the autorenew for me. It just started working without me changing anything. But I’ll come back to your solution if ever I need it. Thanks again for sharing!