Issue with Let's Encrypt SSL

What is the name of the domain?

humanworld.gr

What is the issue you’re encountering

How could I use the Let’s Encrypt certificate I have instead of Cloudflare’s?

What is the current SSL/TLS setting?

Full (strict)

What are the steps to reproduce the issue?

I am getting these errors from Plesk while the Let's Encrypt certificate is valid:

Could not renew Lets Encrypt certificates Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Lets Encrypt certificates has failed:

** 'Lets Encrypt [days to expire: 23] **

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/429331096587.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: During secondary validation: 2606:4700:3031::ac43:8d7f: Invalid response from https://humanworld.gr/.well-known/acme-challenge/SWmsV27bOoJhXfolWsxPhNL2vHMRP8ebQxQVdm-U4eg: 403

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

Sounds like your Plesk installation uses Let’s Encrypt CA for your domain at your origin host/server.

Therefrom, Cloudflare’s proxied :orange: DNS records are covered by the Universal SSL certificate which seems to be also Let’s Encrypt for your case, otherwise one from the other CAs being used to issue the certificate:

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )? :thinking:

I’d suggest you temporarily pause Cloudflare for your site. Wait a few minutes. Double-check the origin SSL certificate. Renew it. After the website works okay over HTTPS, un-pause and all good.

Steps for troubleshooting:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com.
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure the site is working as expected with HTTPS without any error.
  4. Check with your hosting provider / Plesk panel / cPanel AutoSSL / Let’s Encrypt / ACME / Certbot and manually click to renew it.
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

The hosting company told me to turn off the proxy on the DNS records. Is this the right thing to do so I can use the Let’s Encrypt SSL that I have in Plesk?

Also, I thought I had to change the encryption mode from Full (Strict) to Full.

Temporarily, yes, to renew your origin SSL. Once done, switch the proxy back to :orange: and keep using Full (Strict).
Or use the Pause option as written in my reply above.

I did renew the certificate from inside Plesk, but how do I know if everything is properly set up?

Great! :+1:

I can see your website now responds with the origin SSL certificate working correctly over HTTPS, no issue, from the origin host, as no Cloudflare IP address is returned by the dig command or ping.
The other way to know this is by checking the HTTP headers via the cURL command:
server: nginx

Using an online tool to check the SSL certificate:

Seems to be okay and new recently.

Now, you can switch the proxy back to :orange: or un-pause.
Set to Full (Strict) to have an end-to-end SSL connection.

Here is more information when to use which SSL settings:

Hello and thanks for the info

I got the same automatic email from Plesk about SSL tho even after renewing the SSL etc

After I set Full (Strict) I got this as well…

doesn’t support a secure connection

You are seeing this warning because this site does not support HTTPS and you are in Incognito mode. Learn more about this warning
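
Added example, not part of any post in this thread: a small Python helper that parses the ACME "Detail:" line from the Plesk e-mail quoted above and reports whether the validator reached the challenge URL through a Cloudflare edge address, alongside the `server` header check mentioned in the replies. The range list is a subset of Cloudflare's published ranges and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Subset of Cloudflare's published edge ranges (assumption: the full list at
# https://www.cloudflare.com/ips/ changes over time, refresh before relying on it).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
    "2606:4700::/32", "2400:cb00::/32",
)]

# Shape of the "Detail:" line in the Plesk renewal e-mail quoted in the thread.
DETAIL_RE = re.compile(
    r"(?:During secondary validation: )?(?P<ip>[0-9A-Fa-f:.]+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})"
)

def is_cloudflare(ip):
    """True if ip falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def diagnose(detail, server_header=""):
    """Report which path the ACME validator took to reach the challenge URL."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("unrecognised ACME detail line")
    return {
        "validated_ip": m["ip"],
        "http_status": int(m["status"]),
        "http01_challenge": "/.well-known/acme-challenge/" in m["url"],
        # The validator connected to a Cloudflare edge address, so the
        # challenge request went through the proxy instead of straight to Plesk.
        "via_cloudflare": is_cloudflare(m["ip"]),
        # curl -sI output: "server: cloudflare" while proxied, the origin's own
        # value (nginx in the thread) once the record is DNS-only or paused.
        "currently_proxied": server_header.strip().lower() == "cloudflare",
    }

if __name__ == "__main__":
    # Detail line copied from the error quoted in the thread.
    line = ("During secondary validation: 2606:4700:3031::ac43:8d7f: Invalid "
            "response from https://humanworld.gr/.well-known/acme-challenge/"
            "SWmsV27bOoJhXfolWsxPhNL2vHMRP8ebQxQVdm-U4eg: 403")
    print(diagnose(line, server_header="nginx"))
```

A result with `via_cloudflare` true and `http_status` 403 matches the situation in the thread: the renewal was attempted while the record was still proxied, which is why the replies suggest pausing Cloudflare or switching to DNS-only for the renewal.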
