What I want is to have Let’s Encrypt work on my server to renew certificates for certain hostnames that are set up as apps through Cloudflare Access. Right now if an app is added to Access, Let’s Encrypt will error out when trying to access hostname/.well-known/acme-challenge (because that URL, as well as everything else on that hostname, will present a Cloudflare Access authentication page).
Going by the aforementioned obsolete documentation info, I still tried to create the necessary policies but now they result in separate applications in the app list with the bypass rule, and also appear as separate apps in the app launcher. And what’s worse, the bypass rule still doesn’t work and I still cannot get to the .well-known/acme-challenge URL.
Ideally Cloudflare could add a path criterion for bypass rules (right now bypass can only be triggered for everyone or based on IP range), so that it could be added to the app policies. However, until then - what are my options, if any?