DNS based validation method

Hi. I am setting up a WIN10 PC to be an https server running nginx. My ISP blocks port 80 but allows 443. I need to get letsencrypt to issue a certificate for my domain (registered at.duckdns.org). But certbot does not work unless my site accepts the initial unencrypted communication over port 80! I am hoping Cloudflare has a solution.

Can Cloudflare temporarily act as my domain to authenticate with letsencrypt? Is this what’s known as the “DNS based validation method”? Is there a guide available?

Any help would be appreciated.

It’s much easier to just use a Cloudflare origin cert.

https://support.cloudflare.com/hc/en-us/search/click?data=BAh7CzoHaWRsKwgTD5DGGgA6D2FjY291bnRfaWRpA3LSAjoJdHlwZUkiDGFydGljbGUGOgZFVDoIdXJsSSJtaHR0cHM6Ly9zdXBwb3J0LmNsb3VkZmxhcmUuY29tL2hjL2VuLXVzL2FydGljbGVzLzExNTAwMDQ3OTUwNy1NYW5hZ2luZy1DbG91ZGZsYXJlLU9yaWdpbi1DQS1jZXJ0aWZpY2F0ZXMGOwhUOg5zZWFyY2hfaWRJIilmMGZiZTVjZi00MzdjLTRjYjgtOTY5OC1jMDg5MjdlN2FlYjQGOwhGOglyYW5raQw%3D--71b8d451c3cd0ad3c90b4cf29149442c3e9b132d

Thank you for the response. I am still unclear on a few things regarding Cloudflare Origin CA certificates.
1.) Currently, my domain is duck-bill.duckdns.org. Will I keep this domain or will I ultimately need to get a similar domain from Cloudflare first? Please note that my site cannot yet be accessed via port 80 and has no https access on port 443. It is only accessible using http on port 8080.
2.) The first step of the process is to “add a site”. Do I enter duck-bill.duckdns.org?
3.) If I use a Cloudflare CA certificate, there is a warning: “For subdomains that utilize Origin CA certificates, pausing or disabling Cloudflare causes untrusted certificate errors for site visitors.” Does that mean all traffic must pass through Cloudflare? Will I get control of the SSL certificate to put it on my web site?
Thanks for any answers you can provide.
