how could i use Let’s encrypt’s certificate i have instead of cloudflare’s
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
i am getting from plesk these errors while the lets encrypt certificate is valid.:
Could not renew Lets Encrypt certificates Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Lets Encrypt certificates has failed:
Sounds like your Plesk installation uses Let’s Encrypt CA for your domain at your origin host/server.
Therefrom, Cloudflare’s proxied DNS recrds are covered by the Universal SSL certificate which seems to be also Let’s Encrypt for your case, otherwise one from the other CAs being used to issue the certificate:
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?
I’d suggest you to temporary Pause Cloudflare for your site. Wait few minutes. Double-check the origin SSL certificate. Renew it. After the Website works okay over HTTPS, un-pause and all good.
Steps for troubleshooting:
Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
The link is in the lower right corner of that page.
Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
Check with your hosting provider / Plesk panel / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and manually click to renew it
Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).
Temporary, yes, to renew your origin SSL. After done, switch the proxy back to and keep using Full (Strict).
Or use Pause option as written in my reply from above.
I can see you’re Website now does respond with origin SSL certificate working correctly over HTTPS, no issue, from the origin host, as far as no IP address from Cloudflare is returned using dig command or ping.
The other way to know this is by checking the HTTP headers via cURL command: server: nginx