Cloudflare SSL Full(Strict) cant create lets encrypt ssl

Discussion in 'ISPConfig 3 Priority Support' started by ktownmods, Nov 17, 2019.

  1. ktownmods

    ktownmods Member

    Hey,

    i have my website on Cloudflare and use there the option SSL Full Strict.

    But since that, letsencrypt cant create certs on new domains.

    (Dns records exist, if i turn the ssl settings to flexible it works)

    So what i can do, that i dont have to set it always to flexible?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. ktownmods

    ktownmods Member

    I cant follow your answer...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the symptoms of your issue it seems as if cloudflare blocks the requests made by LE to reautehnticate the cert in renewal. You should contact Cloudflare support and ask them or maybe there is something in the clodflare knowledge base about that. Or try to use cloudflare rules to exclude the path /.well-known/acme-challenge/ on your domain from strict mode if such an option exists.
     
    ahrasis and ktownmods like this.
  5. ktownmods

    ktownmods Member

    Try it if letsencrypt fixed the issue that have right now...
     
  6. ktownmods

    ktownmods Member

    @till is acme-v02 supported by ISPConfig?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, it's used by default. But only with domain auth, not dns auth. So cloudflare must allow domain auth requests from LE.
     
    ktownmods likes this.

Share This Page