Renewing certbot certificate: Will putting cloudflare SSL in strict affect it?

I was setting up a letsEncrypt certificate and the verification failed when I put cloudflare SSL in FULL(Strict). I had to shift it to FLEXIBLE to make it work.

Now would there be problems if the cloudflare ssl is kept in FULL(strict) when certbot renews the certificate?

When you’re using the HTTP challenge, Flexible means CF connects to your server over HTTP, Full means HTTPS (but not verifying the certificate), and Full Strict means HTTPS plus verifying the certificate is valid.

To fix this, ot is highly recommended to use the DNS challenge instead -

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

1 Like

Thank you. So even on renew certbot uses http to check authentication.

Is this the best way to set up the dns challenge in ubuntu? https://mangolassi.it/topic/18355/setup-letsencrypt-certbot-with-cloudflare-dns-authentication-ubuntu/2 by setting up the token as given in page 5 here : https://readthedocs.org/projects/certbot-dns-cloudflare/downloads/pdf/latest/ ?

This topic was automatically closed after 30 days. New replies are no longer allowed.