Any way to bypass Access for Let's Encrypt?

It’s 2021, so the last post I can find about this is no longer relevant, and the only relevant docs page states that it is outdated and was to be deleted two months ago.

What I want is to have Let’s Encrypt work on my server to renew certificates for certain hostnames that are set up as apps through Cloudflare Access. Right now, if an app is added to Access, Let’s Encrypt will error out when trying to access hostname/.well-known/acme-challenge (because that URL, as well as everything else on that hostname, will present a Cloudflare Access authentication page).

Going by the aforementioned obsolete documentation info, I still tried to create the necessary policies but now they result in separate applications in the app list with the bypass rule, and also appear as separate apps in the app launcher. And what’s worse, the bypass rule still doesn’t work and I still cannot get to the .well-known/acme-challenge URL.

Ideally Cloudflare could add a path criterion for bypass rules (right now bypass can only be triggered for everyone or based on IP range), so that it could be added to the app policies. However, until then, what are my options, if any?

Welcome to the community Martins1!

Out of curiosity, is there any particular reason you are requesting/renewing LE certificates via the http-01 validation method?
In your case I think it would be quicker/easier to request your certificates using dns-01 validation by installing the certbot-dns-cloudflare plugin, as you’d be stuck with this until Cloudflare implements something to that effect.

1 Like
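For readers landing here with the same problem, the following is an added example of the dns-01 route the reply above suggests; it is not code from the thread or from Cloudflare. It assumes the certbot-dns-cloudflare plugin is installed, that the credentials file lives at /root/.secrets/cloudflare.ini (override with CRED_FILE), and that the hostnames and the `placeholder-token` value are replaced with your own. Because the challenge is answered by a TXT record in Cloudflare DNS rather than by an HTTP request to hostname/.well-known/acme-challenge, the Access login page in front of the origin never gets in the way. Use a scoped API token (Zone:DNS:Edit on just the zone) rather than the Global API Key, and keep the file owner-only, since anyone who reads it can change your DNS.

```shell
#!/bin/sh
# Added example, not part of the thread: issue a Let's Encrypt certificate for a
# hostname that sits behind Cloudflare Access, using the dns-01 challenge via
# the certbot-dns-cloudflare plugin. Credentials path, hostnames and the token
# value are assumptions; replace them with your own.
set -eu

CRED_FILE="${CRED_FILE:-/root/.secrets/cloudflare.ini}"   # assumed location

# Write the plugin's credentials file with a scoped API token and owner-only
# permissions. certbot refuses overly permissive credential files, and a leaked
# token lets the holder rewrite DNS for the zone.
write_cloudflare_creds() {
    file="$1"; token="$2"
    mkdir -p "$(dirname "$file")"
    ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$file" )
    chmod 600 "$file"   # covers a pre-existing file with looser perms
}

# Returns 0 when the credentials file is exactly mode 600.
creds_perms_ok() {
    [ -n "$(find "$1" -perm 600 -print 2>/dev/null)" ]
}

# Compose the certbot command for one or more hostnames. Propagation wait of
# 60s gives Cloudflare's DNS time to serve the TXT record before validation.
build_certbot_cmd() {
    domains=""
    for d in "$@"; do domains="$domains -d $d"; done
    printf 'certbot certonly --dns-cloudflare --dns-cloudflare-credentials %s --dns-cloudflare-propagation-seconds 60%s' \
        "$CRED_FILE" "$domains"
}

# Usage: sh issue-cert.sh app.example.com [more hostnames]
# Renewal needs no extra work: certbot stores the plugin settings and reuses
# them when `certbot renew` runs from its timer.
if [ "$#" -gt 0 ]; then
    creds_perms_ok "$CRED_FILE" || { echo "chmod 600 $CRED_FILE first" >&2; exit 1; }
    cmd="$(build_certbot_cmd "$@")"
    echo "$cmd"
    # shellcheck disable=SC2086
    $cmd
fi
```

If the credentials file does not exist yet, call `write_cloudflare_creds "$CRED_FILE" "<your token>"` once, then run the script with the hostnames; the script echoes the exact certbot invocation before executing it so the arguments can be checked.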

Thanks, DNS verification worked like a charm, don’t know why I didn’t think of that.

1 Like