Anyone not able to fetch AutoSSL behind cloudlfare?

Is anyone having a problem fetching autossl certificates behind Cloudflare?

I would expect so. I don’t use AutoSSL, but I have plenty of Let’s Encrypt certificates on use. When using HTTP-01 validation, you need to make accommodations in your Cloudflare configuration as well as your origin. TLS-ALPN-01 is not an option when using the Cloudflare proxy since it requires an end to end connection between the validation servers and the origin server.

1 Like

Do you have the same problem with Lets Encrypt? I do.

I don’t have any problem with Let’s Encrypt behind Cloudflare, but as I mentioned, I adjust my Cloudflare configuration to ensure that it does not interfere with HTTP-01 validation.

Here is one Community post I made that detailed a Page Rule that I used to use until I split them into separate Cache and Configuration Rules.

1 Like

My Sectigo and Lets Encrypt are both affected. Now that i dug a little further.

Interesting post. Thanks.

If i buy a three year ssl from CheapSSLs I wouldn’t have to worry about it for awhile anyway. Let’s Encrypt and Sectigo renew every three months though.

There are no more three year certificates. CA/B Forum requirements for publicly trusted CA certificates have been capped at one year since September 2020. (Technically it is 13 months or 397 days.) A three year purchase will be a subscription, and you will need to reissue and reinstall annually.

As long as you are using the Cloudflare proxy, you can install a Cloudflare Origin CA certificate for free. The default lifetime is 15 years, although shorter terms are available using the API.


I didn’t know they were subscriptions.

I saw the 15 year Cloudflare certificate. I used it but i couldn’t find the bundle and i was getting a yellow triangle warning in cpanel until I found and added the ca bundle.

That solution works but i have to do it for some client’s accounts if they’te not tech savvy. Also, you have to turn off autossl individual accounts. But I guess it is what it is.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.