Let's Encrypt certificates for the 3 level domains

https://www.cloudflare.com/diagnostic-center/?url=artsgallery.paintinggallery.pro

I cannot receive the Let’s Encrypt certificate; it fails with the error that the A record does not exist for www.artsgallery.paintinggallery.pro (screenshot).

I have these records in DNS for this domain (I have the free Cloudflare plan) (screenshot).

Is this because my settings are wrong or because of the limitations of the free plan? Please give advice on changing the settings or just removing the Cloudflare free account.

That’s a long sub-domain with the www prefix.

If the record www.artsgallery is set to orange cloud in the Cloudflare dashboard on the DNS tab, kindly try switching it temporarily to grey cloud, wait a few minutes, and try again to generate the LE certificate.

Also note that if you have artsgallery or any other orange-cloud sub-domains which are included in your Let’s Encrypt SSL certificate, switch them too (temporarily) to grey to make sure the renewal process can succeed.

After success, switch them back again to orange cloud (proxied) ;)

Sir, thank you for your reply! I did not have a www.artsgallery A record. I have added it now. Please check (screenshot).
Is it enough now?

I believe yes, that’s correct, judging from the screenshot provided above.

Just as a reminder: if the process fails for the domain names listed on your SSL certificate, you may temporarily need to switch one or more A-type orange clouds to grey, run the renewal process, and after it completes, switch back to orange.
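A pre-flight check for the two failures seen in this thread (a certificate name with no A record, and a name still on orange cloud), as an added example that is not part of the original posts. The function names, the `example.test` hostnames and the sample addresses are constructed for illustration; the CIDR list is Cloudflare's published IPv4 range list and should be refreshed from cloudflare.com/ips-v4 before use.

```python
import ipaddress
import socket

# Cloudflare's published IPv4 ranges; assumed current, refresh before relying on them.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def resolve_a(name):
    """Live A-record lookup; returns [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Return 'missing', 'proxied' (orange cloud) or 'dns-only' (grey cloud)."""
    if not addresses:
        return "missing"
    ips = [ipaddress.ip_address(a) for a in addresses]
    if any(ip in net for ip in ips for net in CLOUDFLARE_V4):
        return "proxied"
    return "dns-only"

def preflight(cert_names, lookup=resolve_a):
    """Map every name on the certificate to (status, action to take)."""
    advice = {
        "missing": "add an A record before requesting the certificate",
        "proxied": "switch to grey cloud for the duration of issuance/renewal",
        "dns-only": "ready",
    }
    return {n: (s, advice[s]) for n in cert_names for s in [classify(lookup(n))]}

# Constructed sample answers (not real lookups), mirroring the thread's situation.
SAMPLE_DNS = {
    "artsgallery.example.test": ["104.21.5.10", "172.67.1.1"],  # proxied
    "shop.example.test": ["203.0.113.10"],                      # DNS only
}

if __name__ == "__main__":
    names = ["artsgallery.example.test", "www.artsgallery.example.test",
             "shop.example.test"]
    report = preflight(names, lambda n: SAMPLE_DNS.get(n, []))
    for name, (status, action) in report.items():
        print(f"{name:30} {status:9} {action}")
```

Calling `preflight(names)` without the second argument performs live lookups for the names you plan to put on the certificate.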

Sir, it is reporting a TLS handshake error with orange cloud (screenshot).
I am following your advice and switching to grey (screenshot).
Now I am trying to renew the SSL. And… it has worked for me! (screenshot)
Thank you!!!
Does it mean that every time I should switch to grey in order to avoid connection errors while issuing the SSL certificate? Is this a free plan limitation?

Short answer - yes.

No, it is not. I am not 100% sure of the answer, while there are some other things to try and workarounds, but the one suggested in my post above works best for me.

Maybe trying a search would get us some better answers for future understanding of the architecture working under it: