Auto-renew Let's Encrypt when on CloudFlare

Posts: 30
Joined: Wed Dec 21, 2016 2:08 pm

Post by vesta_mtl » Sun Aug 13, 2017 11:41 am

Hello. The domains I host with Vesta all pass through CloudFlare, so the Let's Encrypt Auto Renew fails.

This is explained by CloudFlare here:

In particular, they say:
"the default method used for ACME authentication by the Let's Encrypt client utilizes the DVSNI method. This will fail for a domain which has Cloudflare enabled as we terminate SSL (TLS) at our edge and the ACME server will never see the certificate the client presents at the origin. Using alternate ACME validation methods, such as DNS or HTTP will complete successfully when Cloudflare is enabled."

Then they provide instructions to use the webroot method for SSL creation.

If I use this method, will it conflict with the built-in Vesta method (the GUI and checkbox), and if so does anyone have any recommendations on the best way to proceed?

Thanks in advance.

Posts: 6
Joined: Wed Apr 26, 2017 1:51 am

Re: Auto-renew Let's Encrypt when on CloudFlare

Post by pepsi » Sun Aug 13, 2017 7:00 pm

I haven't received any support, or seen many other people get solid answers, from these forums when it comes to using LetsEncrypt with Vesta even though it's a feature within the software. So unfortunately I don't know if a compatibility issue would arise.

I will say though that after doing my own research, the method I ended up choosing is with a Python hook for CloudFlare that uses DNS for authentication as opposed to the more common webroot way. This script makes it really quick and easy, and you can set up a cronjob for it to renew/check renewal every day. Is this an ideal solution? Not really. I'd rather have either a solution or some sort of explanation from the Vesta team on how to "properly" do this, but I don't think that will be coming any time soon.

Here is a link to the script I'm using: ... flare-hook

Posts: 1
Joined: Tue Sep 05, 2017 11:03 pm

Re: Auto-renew Let's Encrypt when on CloudFlare

Post by Dismo » Tue Sep 05, 2017 11:07 pm


I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:


If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!
