Let's Encrypt SSL cannot renew with Cloudflare

Dear all,

Firstly, thank you all for your help.

A few months ago, I changed to a new shared web hosting; it is an Apache server with an Nginx reverse proxy in front. When I use Cloudflare, I get a “Too Many Redirect” error immediately. After some searching, I found out that changing the SSL setting in Cloudflare from “Flexible” to “Full” solved the problem.

However, after a few months, the Let’s Encrypt SSL cert expired and it cannot renew itself. After some searching, people said that the SSL setting in Cloudflare being set to “Full” stops Let’s Encrypt from renewing the cert.

Now, this is my question. :thinking:

If I set the SSL setting in Cloudflare to “Flexible”, I get a “Too Many Redirect” error immediately.
If I set the SSL setting in Cloudflare to “Full”, the Let’s Encrypt SSL cert cannot renew.

So, what should I do to solve both problems together?

Finally, thank you all for your help.

If you have an SSL certificate at your host/origin, yes, you should use the Full SSL option.

Could you try the steps written below?

  1. To renew your Let’s Encrypt SSL certificate while using Cloudflare, you can temporarily switch :orange: to :grey: cloud for the A www and A yourdomain.com records at the Cloudflare dashboard for your domain (or a CNAME record if you have one).
  2. Wait a few minutes for the changes to apply.
  3. Start the renewal process for your Let’s Encrypt SSL certificate at your host/origin (having :grey: temporarily, it should resolve to your host/origin IP address and you should be able to renew it via DNS/TXT/web host method).
  4. After a successful renewal process, switch back from the temporary :grey: cloud to :orange: cloud to make sure your website is proxied via Cloudflare.
  5. Make sure you have selected the Full SSL or Full SSL (Strict) option at Cloudflare.
  5. Make sure you have selected the Full SSL or Full SSL (Strict) option at Cloudflare.

Moreover, do you have the Always use HTTPS and Automatic HTTPS redirection options both enabled at the Cloudflare dashboard under the SSL settings (tab)?
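
Added example, not part of the replies above: a check for steps 2 and 3 that confirms each hostname now resolves straight to the origin (:grey: cloud) rather than to a Cloudflare proxy address before the renewal is started. The function names, the IPv4-only scope and the embedded range list (a snapshot of Cloudflare's published ranges) are assumptions of this example.

```python
import ipaddress
import socket
import sys

# Cloudflare's published IPv4 proxy ranges. This is a snapshot and an
# assumption of this example: refresh it from https://www.cloudflare.com/ips-v4
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def proxy_state(ips):
    """Classify A records as 'proxied', 'dns-only', 'mixed' or 'unresolved'."""
    if not ips:
        return "unresolved"
    hits = {any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_V4)
            for ip in ips}
    if hits == {True}:
        return "proxied"
    return "dns-only" if hits == {False} else "mixed"

def resolve_a(hostname):
    """Return the IPv4 addresses the local resolver currently gives."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def ready_to_renew(hostnames, resolver=resolve_a):
    """True only when every hostname resolves straight to the origin."""
    states = {h: proxy_state(resolver(h)) for h in hostnames}
    return all(s == "dns-only" for s in states.values()), states

if __name__ == "__main__":
    # Usage: python check_proxy.py yourdomain.com www.yourdomain.com
    ok, states = ready_to_renew(sys.argv[1:])
    for host, state in states.items():
        print(f"{host}: {state}")
    sys.exit(0 if ok and states else 1)
```

The result reflects the local resolver, which may still hold a cached answer that differs from what the Let's Encrypt validation servers see, so a "proxied" result right after the switch usually just means waiting a little longer.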