Cloudflare + Webflow Error 525 Every 3 months - Likely Let's Encrypt SSL Expiration

What is the name of the domain?

unicornforms.com

What is the error number?

525

What is the error message?

SSL Handshake Failed

What is the issue you’re encountering?

Let’s Encrypt certs expire every 3 months, and it appears we get a 525 SSL handshake failure every three months with our Webflow website.

What steps have you taken to resolve the issue?

Removing the proxy and re-enabling it a couple of times and resyncing in Webflow appears to solve the problem, but this really shouldn’t happen at all. My alternative is to buy an SSL cert, which seems unnecessary.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Connect your Webflow website to Cloudflare and wait 3 months.

Unfortunately, this happens: LE’s servers cannot validate since the IPs are from the Cloudflare network, therefore behind the proxy, and cannot get access via HTTP (they get redirected to HTTPS). Furthermore, requests might get blocked by the WAF.

To avoid this proxy/unproxy process, make sure the Always Use HTTPS option is disabled so Let’s Encrypt can pass through over HTTP, validate the LE request, and re-issue the SSL certificate for your origin server via the TXT method, or rather webroot.

If you try to add acme-challenge DNS records, you’d encounter an error, since these _acme-challenge records would come from Cloudflare’s Universal SSL (which also uses either Let’s Encrypt, Google Trust Services or SSL.com to issue such).

Otherwise, I’d suggest you generate and install a Cloudflare Origin CA certificate on your web server, then switch to Full (Strict), and you’re good to go.

You could also script a few lines and save yourself some work by letting it run automatically using Cloudflare Workers and the API.
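A check for the condition the reply above describes, as an added example that is not part of the original thread: it requests a path under `/.well-known/acme-challenge/` over plain HTTP without following redirects and reports whether the request is served, redirected to HTTPS, or refused. The function names, the token, and the status codes treated as "blocked" are assumptions made for this example.

```python
import http.client
import sys
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECTS = (301, 302, 303, 307, 308)
# Heuristic (assumption): codes a WAF or rate limiter commonly answers with.
BLOCK_CODES = (401, 403, 429, 503)


def classify(status, location=None):
    """Classify one plain-HTTP response for an ACME challenge path."""
    if status in REDIRECTS:
        # An absolute https:// target is the redirect the reply attributes
        # to the Always Use HTTPS option.
        if urlsplit(location or "").scheme.lower() == "https":
            return "redirected-to-https"
        return "redirected"
    if status in BLOCK_CODES:
        return "blocked"
    # 404 is expected for a made-up token: the request still reached a
    # server over port 80 without being redirected or refused.
    if status in (200, 404):
        return "reachable-over-http"
    return "unexpected"


def probe(domain, token="constructed-test-token", timeout=10):
    """Send one GET over port 80; http.client never follows redirects."""
    conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token,
                     headers={"User-Agent": "acme-path-check"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python acme_path_check.py <your-domain>
    status, location = probe(sys.argv[1])
    print(status, location or "-", classify(status, location))
```

Run it against your own domain before the renewal window and again after changing the Always Use HTTPS setting or WAF rules to confirm the result changes.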
