Auto-renew Let's Encrypt when on CloudFlare

vesta_mtl
Posts: 33
Joined: Wed Dec 21, 2016 2:08 pm

Auto-renew Let's Encrypt when on CloudFlare

Postby vesta_mtl » Sun Aug 13, 2017 11:41 am

Hello. The domains I host with Vesta all pass through CloudFlare, so the Let's Encrypt Auto Renew fails.

This is explained by CloudFlare here: https://support.cloudflare.com/hc/en-us/articles/214820528-How-to-Validate-a-Let-s-Encrypt-Certificate-on-a-Site-Already-Active-on-Cloudflare

In particular, they say:
"the default method used for ACME authentication by the Let's Encrypt client utilizes the DVSNI method. This will fail for a domain which has Cloudflare enabled as we terminate SSL (TLS) at our edge and the ACME server will never see the certificate the client presents at the origin. Using alternate ACME validation methods, such as DNS or HTTP will complete successfully when Cloudflare is enabled."


Then they provide instructions to use the webroot method for SSL creation.

If I use this method, will it conflict with the built-in Vesta method (the GUI and checkbox), and if so does anyone have any recommendations on the best way to proceed?

Thanks in advance.

pepsi
Posts: 7
Joined: Wed Apr 26, 2017 1:51 am

Re: Auto-renew Let's Encrypt when on CloudFlare

Postby pepsi » Sun Aug 13, 2017 7:00 pm

I haven't received any support, or seen many other people get solid answers, from these forums when it comes to using Let's Encrypt with Vesta even though it's a feature within the software. So unfortunately I don't know if a compatibility issue would arise.

I will say though that after doing my own research, the method I ended up choosing is with a Python hook for CloudFlare that uses DNS for authentication as opposed to the more common webroot way. This script makes it really quick and easy, and you can set up a cronjob for it to renew/check renewal every day. Is this an ideal solution? Not really. I'd rather have either a solution or some sort of explanation from the Vesta team on how to "properly" do this, but I don't think that will be coming any time soon.

Here is a link to the script I'm using:
https://github.com/kappataumu/letsencry ... flare-hook

Dismo
Posts: 1
Joined: Tue Sep 05, 2017 11:03 pm

Re: Auto-renew Let's Encrypt when on CloudFlare

Postby Dismo » Tue Sep 05, 2017 11:07 pm

Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!
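
Added example (not part of the post above, and not Vesta or Cloudflare code): a simplified Python model of Page Rule evaluation that shows why the ACME exemption must sit above a catch-all "Always Use HTTPS" rule, and that checks the exemption covers only the challenge path. It assumes that only the first matching rule applies and that `*` matches any run of characters; the action names, the `/login` URL and the token are constructed for illustration.

```python
import re

# Constructed rule sets; "yourdomain.com" is the placeholder used in the post.
# Action names are labels for this model, not Cloudflare API values.
ACME_RULE = ("*yourdomain.com/.well-known/acme-challenge/*", "ssl_off")
HTTPS_RULE = ("*yourdomain.com/*", "always_use_https")


def pattern_to_regex(pattern):
    """Translate a rule pattern: '*' is a wildcard, everything else is literal."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + ".*".join(literal_parts) + "$")


def first_match(rules, url):
    """Return the action of the first rule whose pattern matches, else None."""
    for pattern, action in rules:
        if pattern_to_regex(pattern).match(url):
            return action
    return None


def audit(rules, domain="yourdomain.com"):
    """List problems: challenge path not exempted, or exemption too broad."""
    challenge = f"http://{domain}/.well-known/acme-challenge/constructed-token"
    other = f"http://{domain}/login"
    problems = []
    if first_match(rules, challenge) != "ssl_off":
        problems.append("challenge path is caught by an earlier rule")
    if first_match(rules, other) != "always_use_https":
        problems.append("non-challenge URL is not forced to HTTPS")
    return problems


if __name__ == "__main__":
    orderings = [
        ("ACME rule first", [ACME_RULE, HTTPS_RULE]),
        ("HTTPS rule first", [HTTPS_RULE, ACME_RULE]),
    ]
    for name, rules in orderings:
        print(name, "->", audit(rules) or "ok")
```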

pepsi
Posts: 7
Joined: Wed Apr 26, 2017 1:51 am

Re: Auto-renew Let's Encrypt when on CloudFlare

Postby pepsi » Sun Oct 01, 2017 4:00 am

Dismo wrote: Hey,

I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:

*yourdomain.com/.well-known/acme-challenge/* SSL: OFF

If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.

With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!


Thank you for sharing! Tested and working here!

vesta_mtl
Posts: 33
Joined: Wed Dec 21, 2016 2:08 pm

Re: Auto-renew Let's Encrypt when on CloudFlare

Postby vesta_mtl » Sun Oct 01, 2017 2:09 pm

Thanks for sharing. It seems CloudFlare no longer prevents the autorenew for me. It just started working without me changing anything. But I’ll come back to your solution if ever I need it. Thanks again for sharing!

