Let's Encrypt ACME challenge failing on proxied

I have an origin server which needs to use a Let’s Encrypt certificate as per client requirement. We need to make sure this certificate updates automatically but the challenge fails. I believe the cause is because it’s being proxied by cloudflare.

I tried creating a configuration rule:
URI Path - Contains - “/.well-known/acme-challenge/”
Disable Automatic HTTPS rewrites
Set SSL (SSL/TLS > Overview) to off

This does not work, the ACME challenge fails.
If I disable the proxy the challenge works.

I’m pretty sure I have something wrong with my rule as I’ve used this before on other clients but with the old deprecated “page rules”.

Have you disabled the global Always use HTTPS setting?

I use similar rules to ensure that my ACME HTTP-01 challenges are successful and I have found that the global setting for Always use HTTPS needs to be disabled. You can use a configuration rule to replicate its desired effects without the unwanted one caused by the global setting.

I add a few more settings to my rules. You can see them here:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.