So, I am in search of clarification and need advice. I have had three domains with CF for about three years now and do not remember the following happening: On two of the domains, I have the DNS at my registrar pointing to CF and use Full mode. On one domain, I am only proxying the main domain and the other subs are DNS only. On another, DNS is again pointed to CF and am using Full mode and all domains are proxied. On the first domain, when LetsEncrypt on my origin server wanted to update, it failed all of the DCV stuff so in order to update, I had to repoint the DNS at my registrar back to my host, delete the old certs and then run AutoSSL again. So, obviously the site was down for a while. On the other domain, renewal is set to happen on Feb 1 and really would not like to repoint my DNS if possible.
So, I guess my question is twofold: Is there a way to make this work using LetsEncrypt and CF in at least Full mode without these DCV errors? Or, if I am using CF with the DNS properly pointed at CF servers, does CF handle all of the SSL certs and LetsEncrypt become redundant?
Kindly, in case it fails to renew the SSL certificate, to renew your Let’s Encrypt SSL certificate at your origin server, may I suggest you to follow the steps from below cite:
Or, you could also temporary switch your DNS records from proxied to unproxied (DNS-only).
Therefore, after a renewing process is successful and your website works over HTTPS with the new SSL certificate, switch them back to proxied .
Otherwise, below is an article which could provide you more information in case if needed: