Cloudflare SSL FULL stopped working with communicating PLESK and Let's Ecnrypt


This has been working for years, now all of a sudden it stopped working on my server with all my domains on Plesk at LiquidWeb.

A couple months ago I changed everything in Cloudflare to STRICT, but now once my server tries to renew the local SSL with lets encrypt the site’s were going down bc of an SSL error.

They were going down bc my server could not renew the SSL under Proxy since cloudflare as AAAA records.

If I turn off the Proxy at cloudflare then RENEW works, and I can add back on Strict…

This is not a solution since that means every 60-90 days I would have to perform this action and like I said before this was working and renewing automatically.

So i figured NO BIG DEAL, I will turn everything back to FULL instead of STRICT and this should solve the problem.

But now… its not working on FULL either I get the same error on my PLESK backend when trying to renew an SSL or when it expires it wont auto renew… the same solution works with disabling PROXY, then add the certificate.

How come this worked for me before no problem under PROXY?

I would like to keep PROXY on to protect my domains from attacks, etc…

Is there a workaround or is the only solution to turn off PROXY?

So what I am asking is what settings do I have to adjust in order from Let’sEncrypt to auto renew on my server every 90 days and keep cloudflare on and running smoothly without and SSL errors?


Someone may be able to give a guide to getting HTTP-01 challenges through Cloudflare to Plesk.

There’s two easier-to-maintain options I would suggest if you can apply the certificate manually. They mean you can just keep HTTPS only to the origin which keeps the Cloudflare configuration simple and secure.

  1. Use a Cloudflare origin certificate, valid for up to 15 years. The certificate is only trusted by Cloudflare so requires use of the proxy for secure access - direct connections will warn about the certificate.
    Origin CA certificates · Cloudflare SSL/TLS docs

  2. Use LetsEncrypt and Cerbot with DNS-01 instead of HTTP-01 and use the certbot-dns-cloudflare plugin to automate the creating and deleting of the TXT records in the DNS…
    Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.