My ISP is trying to renew my automatically-renewing Let’s Encrypt certificate but is being blocked by a Cloudflare DNS record.
What steps have you taken to resolve the issue?
I contacted my ISP and I read multiple documents. My ISP says that the issue pertains to a DNS record added by Cloudflare. Evidently, I need to remove the record, but it isn’t listed with the DNS records I added.
Was the site working with SSL prior to adding it to Cloudflare?
Thank you for your response. It isn’t necessary to know the specific DNS record created by Cloudflare. Simply coordinate with your ISP, disable the Cloudflare proxy for a minute or two while your ISP updates the certificate, and then re-enable the proxy service.
As long as you’re OK with doing this every three months when the Let’s Encrypt certificate will have to be renewed… then, yes, that sounds like a plan.
Not for me though.
I prefer the one-time solution of DNS auth or, for HTTP auth, creating a custom rule to ensure the origin webserver always has direct access to the /.well-known/ path.
Thanks! If I could figure out how to implement DNS auth or HTTP auth (and if I knew which one applies here), I’d try your approach. Fortunately, my certificate purportedly won’t need to be renewed for another year.
Thanks. I checked the certificate, and it does indeed expire in 90 days. This differs from the information provided by my ISP. Can you or someone else provide instructions for implementing DNS auth or HTTP auth, and indicate which one applies in different cases? I have searched the Cloudflare site and haven’t found any potentially relevant documents that I can comprehend. I contacted my ISP’s support folk, and they appear equally perplexed.