Renew Let’s Encrypt for Cloudflare-powered websites with Apache Ubuntu
- June 15, 2019 at 10:04 AM #1583Santhosh Kumar DKeymaster
Let’s Encrypt SSL fails to renew automatically on Cloudflare-powered sites. Whether it is Apache or Nginx, both use an authentication method called TLS-SNI-01 which is incompatible with Cloudflare or any other CDN. It will not work for both initial issuance and renewals.
So, if you need to use this method, you will always have to disable the CDN temporarily for initial issuance and renewals. Please note that this method only works if you have installed a separate certificate for each of your domain.
On Cloudflare, temporarily pause Cloudflare by going to the Overview tab, and activating ‘Pause Cloudflare on Site’ under the ‘Advanced Actions’ section:
Then, open your Apache web server and renew SSL individually for each domain using the following command.
sudo certbot renew --cert-name example.com
Remember to replace example.com with your own domain name. Run the command separately for each of your domain names.
Once it has been successfully renewed, restart your Apache web server using the appropriate command.
sudo service apache2 restart
Alternatively, you can also use the command:
sudo restart apache2
Finally, check certificate renewal dates for your domain using the following command:
sudo certbot certificates
Let’s Encrypt’s automatic renewal system will not work for websites powered by Cloudflare or any other CDN. So, note down the next renewal date and set reminders to do your next renewal by yourself following the same method.
Now, you shall go back to Cloudflare and select ‘Pause Cloudflare on Site’ under the Overview tab.November 25, 2019 at 10:59 PM #2138Santhosh Kumar DKeymaster
And, if you want to delete an issued certificate for a particular domain name, you can do so with the following command.
sudo certbot delete --cert-name example.com
- You must be logged in to reply to this topic.