Zero Trust - LetsEncrypt

I use cloudflare Zero Trust for my domains.
And I use LetsEncrypt on some servers. Unfortunately, when Zero Trust is enabled, certificate renewal via LetsEncrypt does not work.

Is there any way for path:

Add it to the exceptions so that it is not covered by Zero Trust?

If this is possible, please provide a procedure on what needs to be done to do this.

I have a free subscription.



Perhaps you can try this method, shared by other community members?

Thank you for the answer and the method @erictung .
Could you give me more advice. I am new to CF so I am not quite sure what all needs to be set up.

Do I understand correctly that in CF → Security → WAF - I create a new rule?

See printscreen

Unfortunately that’s probably not all, it’s still not working.


Nothing related to the WAF/Firewall rule for your domain.

You need to create another Cloudflare Access application in Zero Trust dashboard, to match the specific path that you would like to skip authentication for Let’s Encrypt cert renewal. Within the new Access application, the Access policy action should be Bypass everyone.


I can confirm that this worked for me with following settings…


And the acess rule is…


I forgot to add this screenshot too (sorry for multiple posts, but it wont let me post more than one picture per post!)…


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.