Help - Renew certification SSL (Proxy Cloudflare)

Hi guys,

I need some help because every three months I have to renew the SSL certificate with Cloudways, and I use Cloudflare with the proxy enabled. Every time it is close to expiring, I have to disable the proxy and then renew the SSL certificate.

For me it's very exhausting because if I manage multiple websites, I have to do that one by one. Is there another way to do the certification without disabling the proxy, so that it can be done automatically?

You don’t actually have to pause Cloudflare to issue or renew Let’s Encrypt certificates for your origin sites using HTTP-01 validation. I make some adjustments to my site settings in Cloudflare to ensure that HTTP requests for the .well-known/acme-challenge path are not redirected to HTTPS, and that responses are not cached.

You can use the following page rule reference notes as a starting point.

*example.com/.well-known/acme-challenge/*
Disable Security
SSL: Off
Cache Level: Bypass
Disable Performance

Note that for the SSL: Off setting to work, the site level setting for Always Use SSL cannot be enabled.

2 Likes
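
A check for the two conditions named in the reply above (challenge requests not redirected to HTTPS, responses not cached), as an added example that is not part of the original thread. The function names and sample responses are constructed for illustration; `CF-Cache-Status` is the response header Cloudflare uses to report how its cache handled a request.

```python
"""Audit a response for the ACME HTTP-01 challenge path behind Cloudflare.

Added example; names and sample responses are constructed, not from the thread.
"""
import http.client

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# CF-Cache-Status values that mean the edge answered from its cache.
CACHED_STATES = {"HIT", "STALE", "REVALIDATED", "UPDATING"}


def audit_challenge_response(status, headers):
    """Return the conditions the page rule is meant to prevent, if present."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if 300 <= status < 400:
        location = h.get("location", "")
        if location.lower().startswith("https://"):
            findings.append(f"redirected to HTTPS ({location})")
        else:
            findings.append(f"redirected ({status} -> {location or 'no Location'})")
    cache_state = h.get("cf-cache-status", "").upper()
    if cache_state in CACHED_STATES:
        findings.append(f"served from cache (CF-Cache-Status: {cache_state})")
    return findings


def fetch_challenge(host, token="test-token", timeout=10):
    """Plain-HTTP GET of the challenge path; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "always-https-on": (301, {"Location": "https://example.com/.well-known/acme-challenge/t"}),
    "cached-at-edge": (200, {"CF-Cache-Status": "HIT"}),
    # A 404 is expected here because the test token does not exist on the origin.
    "page-rule-applied": (404, {"CF-Cache-Status": "BYPASS"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(name, audit_challenge_response(status, headers) or "OK")
```

To run it against a live site, pass the result of `fetch_challenge("example.com")` to `audit_challenge_response`; an empty list means neither condition was seen.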

I am not techy, but help me with the configuration. @epic.network

Do I have to change to Full (strict)?
How can I configure the origin server?

You should always use Full (Strict) whenever possible.

In your Page Rule, you will want to replace www. with * at the beginning of the path and replace /* with /.well-known/acme-challenge/* at the end.

So that way the system will auto-renew the SSL certificate (with proxy) without disabling it?
And Cloudways will automatically renew the SSL? @epic.network

If you have auto-renewal enabled, it should. I would encourage you to test with Let’s Debug, and if you encounter any issues, there is a Let’s Encrypt Community that can provide more in-depth assistance with Let’s Encrypt than we can in the Cloudflare Community.

Thanks so much!! I will let you know if something happens. @epic.network

1 Like

This appears. I changed the SSL to Full (Strict). @epic.network

I already set Full (Strict), but I don’t know why it is still asking me that.

That warning is strictly informational. It is there to make sure people understand the importance of encrypting the traffic between Cloudflare and the origin server. Since the Cloudflare proxy provides public facing SSL, there is no way the test can know that you are using Full (Strict).

After reading the Cloudways guide to set up the origin server, I now have the certificate.
@epic.network thanks for your assistance =)

How to Configure Cloudflare Origin Certificate | Cloudways Help Center

1 Like

Your apex hostname does not have a working certificate. www is working, but example.com is not.

I think it's set up. When you mention that www is working but asesoriafinanciera.com is not, how can I check that? @epic.network

Do you mean to include www.asesoriafinancierale.com in the box?

@franciscolee1504 From the second image, I see you are on track with the Origin Certificate installation.

Except there should be no Cloudflare Origin CA certificate involved in this setup. @franciscolee1504 is using Let’s Encrypt origin certificates via Cloudways.

1 Like
