LetsEncrypt not updating

So, I am in search of clarification and need advice. I have had three domains with CF for about three years now and do not remember the following happening: On two of the domains, I have the DNS at my registrar pointing to CF and use Full mode. On one domain, I am only proxying the main domain and the other subs are DNS only. On another, DNS is again pointed to CF and I am using Full mode and all domains are proxied. On the first domain, when LetsEncrypt on my origin server wanted to update, it failed all of the DCV stuff, so in order to update, I had to repoint the DNS at my registrar back to my host, delete the old certs and then run AutoSSL again. So, obviously the site was down for a while. On the other domain, renewal is set to happen on Feb 1 and I really would not like to repoint my DNS if possible.

So, I guess my question is twofold: Is there a way to make this work using LetsEncrypt and CF in at least Full mode without these DCV errors? Or, if I am using CF with the DNS properly pointed at CF servers, does CF handle all of the SSL certs and LetsEncrypt become redundant?

Hope what I am asking is clear enough?


Use Full (Strict) instead!

I would certainly and will if I can come up with a solution. Full Strict will even further inhibit Let's Encrypt, will it not?

Kindly, in case it fails to renew the SSL certificate, to renew your Let’s Encrypt SSL certificate at your origin server, may I suggest you follow the steps from the article cited below:

Or, you could also temporarily switch your DNS records from proxied (orange cloud) to unproxied (grey cloud, DNS-only).
Then, after the renewal process is successful and your website works over HTTPS with the new SSL certificate, switch them back to proxied (orange cloud).

Otherwise, below is an article which could provide you with more information if needed:

I am not sure the Pause function would work because the domain at our registrar has been reset to point at CF and NOT at the origin server at our host.

We also tried setting the Proxy to DNS Only and the update still failed.

Also, I don’t think there is any way to use Full Strict mode without pointing the domain at the registrar to Cloudflare, correct?