Auto-renew Let's Encrypt when on CloudFlare
Hello. The domains I host with Vesta all pass through CloudFlare, so the Let's Encrypt Auto Renew fails.
This is explained by CloudFlare here: https://support.cloudflare.com/hc/en-us ... Cloudflare
In particular, they say:
"the default method used for ACME authentication by the Let's Encrypt client utilizes the DVSNI method. This will fail for a domain which has Cloudflare enabled as we terminate SSL (TLS) at our edge and the ACME server will never see the certificate the client presents at the origin. Using alternate ACME validation methods, such as DNS or HTTP will complete successfully when Cloudflare is enabled."
Then they provide instructions to use the webroot method for SSL creation.
If I use this method, will it conflict with the built-in Vesta method (the GUI and checkbox), and if so does anyone have any recommendations on the best way to proceed?
Thanks in advance.
Re: Auto-renew Let's Encrypt when on CloudFlare
I haven't received any support, or seen many other people get solid answers, from these forums when it comes to using LetsEncrypt with Vesta even though it's a feature within the software. So unfortunately I don't know if a compatibility issue would arise.
I will say though that after doing my own research, the method I ended up choosing is with a Python hook for CloudFlare that uses DNS for authentication as opposed to the more common webroot way. This script makes it really quick and easy, and you can set up a cronjob for it to renew/check renewal every day. Is this an ideal solution? Not really. I'd rather have either a solution or some sort of explanation from the Vesta team on how to "properly" do this, but I don't think that will be coming any time soon.
Here is a link to the script I'm using:
https://github.com/kappataumu/letsencry ... flare-hook
Re: Auto-renew Let's Encrypt when on CloudFlare
Hey,
I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:
*yourdomain.com/.well-known/acme-challenge/* SSL: OFF
If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.
With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!
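A way to confirm, before the next renewal, that the challenge path is actually reachable through Cloudflare when HTTP validation with a webroot is used (an added example, not part of any post in this thread and not Vesta code). It assumes the web server serves files placed under `<webroot>/.well-known/acme-challenge/`; the function name, probe file name and command-line arguments are illustrative.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request


def preflight_http01(webroot, base_url, timeout=10):
    """Drop a random probe file in the ACME challenge directory and fetch it
    back through the public URL. Returns (ok, detail)."""
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "preflight-" + secrets.token_hex(8)   # unguessable probe name
    body = secrets.token_urlsafe(32)             # unguessable probe content
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        # urllib follows redirects; geturl() reports where the request ended up,
        # which shows whether the proxy rewrote the scheme or host on the way.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read(4096).decode("utf-8", "replace").strip()
            final_url = resp.geturl()
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} for {url}"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"request failed for {url}: {exc}"
    finally:
        os.remove(path)                          # never leave the probe behind
    if served != body:
        # A cached page, a challenge page or an error page came back instead.
        return False, f"unexpected body from {final_url}"
    return True, f"probe served from {final_url}"


if __name__ == "__main__":
    # Usage: preflight.py <webroot> <base-url>, e.g. the domain's document
    # root and http://yourdomain.com (both supplied by the operator).
    ok, detail = preflight_http01(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it once with the `http://` URL of the proxied hostname; a failure here means the ACME HTTP check would not see the origin's challenge file either.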
Re: Auto-renew Let's Encrypt when on CloudFlare
Dismo wrote:
> Hey,
> I solved this issue a few months ago so figured I'd share the love! What you need to do is make a new Cloudflare Page Rule:
> *yourdomain.com/.well-known/acme-challenge/* SSL: OFF
> If you already have a rule, e.g. Always Use HTTPS, make sure the above rule comes first.
> With that rule enabled my domains activate and auto-renew with Let's Encrypt. Hope it helps!
Thank you for sharing! Tested and working here!
Re: Auto-renew Let's Encrypt when on CloudFlare
Thanks for sharing. It seems CloudFlare no longer prevents the autorenew for me. It just started working without me changing anything. But I’ll come back to your solution if ever I need it. Thanks again for sharing!