Using Let’s Encrypt SSL, got message from hosting cant extend SSL

I have Wordpress site, and set up free Let’s Encrypt certificate from hosting.
Site has been working for 1.5 years, all this time Let’s Encrypt certificate has been re-issuing and applying automatically every 3 month.

I set up Cloudflare free account and few days ago got this message from my hosting:

“Error reissuing Let’s Encrypt free certificate
Unfortunately, there was an error when issuing your free Let’s Encrypt certificate.
To try again, you will need to point the A-entries to the following domains: for
Certificate will expire 29.08.2019. In case it will not be reissued, HTTPS connection to the domains will not be accessible.”

This is my settings on DNS page,
And Crypto page:
(sorry, new users can post only 1 picture)

I want to have Let’s Encrypt certificate to be automatically re-issued and applied every 3 month to my domain without manual actions same as before.

Could you please help me to set it up?

I’ve had Cloudflare’s proxy mess with our LetsEncrypt verifications before.

The first thing I would try is disabling the force HTTPS/SSL option for your domain. If that doesn’t work then disabling the orange cloud should take care of things.

Hi @urantv,

The issue here is that when you add Cloudflare, their IP addresses show, not the IP of your server. Ideally, your host may be able to offer some alternative way to get the certificate issues, like DNS validation.

Alternatively, you may have to switch from :orange: to :grey: while the cert renews.

Thanks for reply!

I found out thats true.
Hosting recommended me to stop using Lets Encrypt certificate, and start using Cloudflare SSL certificate instead.
Switching orange cloud to grey cloud means doing it constantly every 3 month during certificate re-issuances.

Could you suggest me please how to order SSL certificate on Cloudflare correctly?

Is this right:

  1. SSL/TLS - SSL - Flexible.
  2. After issuinf certificate check the checkbox SSL/TLS - Always Use HTTPS is on.

No problem!

Flexible isn’t fully secure. What you should ideally do is install a Cloudflare Origin Certificate on your server (which can be valid for up to 15 years) and set this to Full (strict).


1 Like

Thank you!
Finally I understand how it works.
The thing is my website is on shared hosting, and hosting company probably wont install CF certificate on server.
So I have only the last option left, which is Flexible.

1 Like

I also use shared hosting and they have been happy to let me install Cloudflare’s SSL - they should be if they can’t provide an alternative way to get Let’s Encrypt certs automatically.

Cloudflare has a certbot bot plugin which needs API creds to work.

This topic was automatically closed after 30 days. New replies are no longer allowed.