SSL Certificate Renewal Failure

What is the name of the domain?

stevebrown.us

What is the error number?

N/A

What is the error message?

N/A

What is the issue you’re encountering?

SSL Certificate not being renewed

What steps have you taken to resolve the issue?

Extensive conversation with my hosting service, TMD

What are the steps to reproduce the issue?

N/A

More info: The certificate is being managed through Let’s Encrypt, which has been giving me failure to renew messages. TMD first said that everything was OK, and Let’s Encrypt would be phased out.

When notifications persisted every two days or so, I asked again and TMD said the notifications had been turned off, but they kept on coming.

Today, a new tech said “we successfully resolved the reported issue by disabling the Cloudflare proxy on the DNS records of the domain stevebrown.us.”

I replied, “I see in SSL/TLS status that it now shows ‘AutoSSL Domain Validated’; I’m guessing that the next time Let’s Encrypt tries, it will be successful. But do I understand correctly that now I don’t have the Cloudflare reverse proxy in front of my domain? I thought that was what TMD was recommending to stop bots from sending scam/spam emails via my contact form. Was the whole Cloudflare experiment a waste of time?”

Then they replied, “your domain stevebrown.us is still using the Cloudflare service since it pointed to them via nameservers, just the DNS records of this domain are pointed directly to our server.”

I am no longer seeing the “Verifying that you are human” when logging into my own website.

Have I lost a significant degree of protection?

I’m not seeing any pending certificates. All certificates are up to date so I suspect you were able to fix this issue.

However, it looks like the DNS record(s) for stevebrown.us are no longer proxied. You’ll likely want this to be proxied (orange clouded) if you want it to be protected behind Cloudflare.

Thanks! I think I’d like to get the reverse proxy back. I’ve been in touch with TMDHosting, and (if I understand correctly) they are suggesting I get the SSL through Cloudflare instead of through them via Let’s Encrypt. Do you agree? And how do I go about making all that happen?

Update: After more conversation with TMD, they restored the proxy and removed the Let’s Encrypt certificate from the cPanel app that managed its renewal, leaving that to another app. I also looked at the SSL on the Cloudflare side and it looks like I have an Edge certificate that will auto renew. Is that correct and is that all I need?
