Let's Encrypt SSL Certificate after enabling CF Integration

Adrien

I share this hoping it can help other Enhance users.

Yesterday when some of my Let's Encrypt certificates expired, they were not automatically renewed.
Why? Because in between I had activated CF integration and enabled "strict" SSL mode in CloudFlare.

My Website SSL hasn't auto-renewed because the domain points to CloudFlare. To solve this I just needed to install the CF origin certificate on Enhance or disable "strict" SSL mode in CloudFlare.

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/

Source: Enhance support

Adam

Thanks @Adrien this is a good tip. If the domain has CloudFlare proxy on (either through Enhance or directly with CloudFlare) then CloudFlare will terminate the SSL with their own certificate. At the moment Enhance only attempts to provision LetsEncrypt for a domain if it points to your server IP.

Installing the CloudFlare origin certificate is the best option however, when we release 9.5.0, Enhance will attempt a LetsEncrypt if it detects the CloudFlare proxy.