I use cloudflare Zero Trust for my domains.
And I use LetsEncrypt on some servers. Unfortunately, when Zero Trust is enabled, certificate renewal via LetsEncrypt does not work.
Is there any way for path:
Add it to the exceptions so that it is not covered by Zero Trust?
If this is possible, please provide a procedure on what needs to be done to do this.
I have a free subscription.
Perhaps you can try this method, shared by other community members?
I figured it out. You have to create two applications, a normal one with the bare domain/sub-domain without a path, which will have the policy to grant access. Then, you create a second application which specifies a path, shown in the screenshot. This application should have one bypass policy, also in the screenshot.
It’s a bit clunky, but works great.
Thank you for the answer and the method.
Could you give me more advice? I am new to CF so I am not quite sure what all needs to be set up.
Do I understand correctly that in CF → Security → WAF - I create a new rule?
Unfortunately that’s probably not all, it’s still not working.
Nothing related to the WAF/Firewall rule for your domain.
You need to create another Cloudflare Access application in Zero Trust dashboard, to match the specific path that you would like to skip authentication for Let’s Encrypt cert renewal. Within the new Access application, the Access policy action should be Bypass everyone.
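A way to check the result of that setup, as an added example that is not from the thread or from Cloudflare: a small POSIX shell script that requests the challenge path with redirects disabled and reports whether Cloudflare Access still answers with its login redirect or the request gets through to the origin. It assumes the renewal uses the HTTP-01 challenge at the standard `/.well-known/acme-challenge/` path; the hostname and token are placeholders you supply.

```shell
#!/bin/sh
# Added example (not from the thread or from Cloudflare): probe the HTTP-01
# challenge path and tell whether Cloudflare Access intercepts it or the
# request reaches the origin. Hostname and token are placeholders supplied by you.

# classify_headers: read raw HTTP response headers on stdin and print
#   access -> Cloudflare Access answered with a login redirect (renewal fails)
#   origin -> the request got past Access to the origin (renewal can succeed)
classify_headers() {
    hdrs=$(tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9]*\).*/\1/p')
    location=$(printf '%s\n' "$hdrs" | grep -i '^location:' | head -n 1)
    case "$status" in
        301|302|303|307|308)
            # An Access login redirect points at <team>.cloudflareaccess.com
            if printf '%s' "$location" | grep -qi 'cloudflareaccess\.com'; then
                echo access
                return 0
            fi
            ;;
    esac
    echo origin
}

# probe HOST TOKEN: fetch the challenge URL (https, so an "Always Use HTTPS"
# redirect does not get in the way) with redirects disabled and classify it.
# A 404 from the origin is expected for a made-up token; only the Access
# redirect matters here.
probe() {
    curl -sS -o /dev/null -D - --max-redirs 0 \
        "https://$1/.well-known/acme-challenge/$2" | classify_headers
}

# Runs only when a host is given, e.g.: ACME_PROBE_HOST=www.example.com sh check.sh
if [ -n "${ACME_PROBE_HOST:-}" ]; then
    probe "$ACME_PROBE_HOST" "${ACME_PROBE_TOKEN:-probe-token}"
fi
```

If the output is still `access` after adding the path application, the path in the second Access application does not match the challenge URL, or the bypass policy is not the one attached to it.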
I can confirm that this worked for me with following settings…
I forgot to add this screenshot too (sorry for multiple posts, but it won't let me post more than one picture per post!)…