Renew Let’s Encrypt for Cloudflare-powered websites with Apache Ubuntu

LearnTips Internet Renew Let’s Encrypt for Cloudflare-powered websites with Apache Ubuntu

This topic contains 0 replies, has 1 voice, and was last updated by Avatar Santhosh Kumar D 1 month, 1 week ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #1583

    Let’s Encrypt SSL fails to renew automatically on Cloudflare-powered sites. Whether it is Apache or Nginx, both use an authentication method called TLS-SNI-01 which is incompatible with Cloudflare or any other CDN. It will not work for both initial issuance and renewals.

    So, if you need to use this method, you will always have to disable the CDN temporarily for initial issuance and renewals. Please note that this method only works if you have installed a separate certificate for each of your domain.

    On Cloudflare, temporarily pause Cloudflare by going to the Overview tab, and activating ‘Pause Cloudflare on Site’ under the ‘Advanced Actions’ section:

    Then, open your Apache web server and renew SSL individually for each domain using the following command.
    sudo certbot renew --cert-name example.com

    Remember to replace example.com with your own domain name. Run the command separately for each of your domain names.

    Once it has been successfully renewed, restart your Apache web server using the appropriate command.
    sudo service apache2 restart

    Alternatively, you can also use the command:
    sudo restart apache2

    Finally, check certificate renewal dates for your domain using the following command:
    sudo certbot certificates

    Let’s Encrypt’s automatic renewal system will not work for websites powered by Cloudflare or any other CDN. So, note down the next renewal date and set reminders to do your next renewal by yourself following the same method.

    Now, you shall go back to Cloudflare and select ‘Pause Cloudflare on Site’ under the Overview tab.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.