Is anyone having a problem fetching AutoSSL certificates behind Cloudflare?
I would expect so. I don’t use AutoSSL, but I have plenty of Let’s Encrypt certificates in use. When using HTTP-01 validation, you need to make accommodations in your Cloudflare configuration as well as your origin. TLS-ALPN-01 is not an option when using the Cloudflare proxy since it requires an end-to-end connection between the validation servers and the origin server.
Do you have the same problem with Let’s Encrypt? I do.
I don’t have any problem with Let’s Encrypt behind Cloudflare, but as I mentioned, I adjust my Cloudflare configuration to ensure that it does not interfere with HTTP-01 validation.
Here is one Community post I made that detailed a Page Rule that I used to use until I split them into separate Cache and Configuration Rules.
My Sectigo and Let’s Encrypt are both affected, now that I dug a little further.
Interesting post. Thanks.
If I buy a three-year SSL from CheapSSLs, I wouldn’t have to worry about it for a while anyway. Let’s Encrypt and Sectigo renew every three months though.
There are no more three-year certificates. CA/B Forum requirements for publicly trusted CA certificates have been capped at one year since September 2020. (Technically it is 13 months or 397 days.) A three-year purchase will be a subscription, and you will need to reissue and reinstall annually.
As long as you are using the Cloudflare proxy, you can install a Cloudflare Origin CA certificate for free. The default lifetime is 15 years, although shorter terms are available using the API.
I didn’t know they were subscriptions.
I saw the 15 year Cloudflare certificate. I used it, but I couldn’t find the bundle and I was getting a yellow triangle warning in cPanel until I found and added the CA bundle.
That solution works, but I have to do it for some clients’ accounts if they’re not tech savvy. Also, you have to turn off AutoSSL for individual accounts. But I guess it is what it is.