Plesk with Let's Encrypt auto renewal not working with CF

What is the name of the domain?

efgs.nl

What is the issue you’re encountering

Plesk with Let’s Encrypt auto renewal not working with CF

What steps have you taken to resolve the issue?

I heard I maybe need to turn off this setting in CF:
Always Use HTTPS

and maybe also this one:
Automatic HTTPS Rewrites ?

What feature, service or problem is this related to?

DNS not responding/updating

Hi there,

As far as I understand it, Plesk can only renew the certificates automatically if it has authority over DNS. This is because Plesk uses TXT records to validate the certificate, but since the DNS is at Cloudflare, the records created by plesk do not propagate.

A simple solution to this is using Cloudflare origin certificates instead, this way you can have a certificate at your origin with up to 15 years validity.
These types of certificates are only used between Cloudflare and the origin and the certificate shown externally will still be the edge certificate.

Another option would be to delegate _acme-challenge with NS records, but this can bring other issues when Cloudflare tries to renew edge certificates for your zone.

Take care.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.