Let's Encrypt Certificate not Auto-Renewing

What is the name of the domain?

thebrinsons.net

What is the issue you’re encountering

I have received an automated email from the “Let’s Encrypt Expiry Bot” informing me that the certificate for one of the subdomains created through Cloudflare Tunnels is due to expire in 7 days

What steps have you taken to resolve the issue?

I have searched through the Cloudflare administrative portal to see if there is a way to self-service these certificates generated by Cloudflare Tunnels, but I have found nothing that would allow me to renew any certificates. I assume that the certificate is generated when the subdomain was created or when the whole Cloudflare Tunnel was created. I do not see that I have many tools for administering these subdomains. I have also searched on this community forum, but I haven’t found anything that speaks to Let’s Encyrpt certificates that are auto-generated by the Tunnels product. I’m at a loss as to how to proceed.

You got an email from Let's Encrypt Expiry Bot <[email protected]>? Those emails are about certifications you have issued yourself with ACME/Certbot and provided your email with the issuance.

Cloudflare Tunnels does not create certificates. Public Hostnames use your Universal SSL Certificate which is issued with your domain, renews automagically and Let’s Encrypt wouldn’t email you about (CF also is moving away from Let’s Encrypt automatically: Let's Encrypt chain update | Cloudflare SSL/TLS docs, I believe all Universals at this point unless specifically picked Let’s Encrypt are no longer using them).

I would assume it’s a certificate automatically created by the origin service behind your tunnel. As long as the tunnel connector (cloudflared) is on the same host it’s fine to not use https, otherwise I would try to find out more about the origin service and why it’s failing to reissue.