Introduction
This article is for website administrator or owner who has once taken certificate from letsencrypt.org, and its the time to renew your certificate. And, you are using cloudflare CDN for your website.
Lets-Encrypt Organization
Letsencrypt.org is an organization who provides free SSL certificate to anyone. I'm a great admirer of this service. And, its popularity increased when google chrome announced that it will give an advantage to SSL enabled websites.
I will write about how to get a new SSL certificate for your website from lets-encrypt. Its an amazing service, with an easy to use utility scripts.
Problem
Letsencrypt says you should run following command:
certbot renew
It may work for most of the people. But, it will not work for people who are using cloudflare.
Following error comes out:
Solution
There are two solutions that I could find till now:
1. Bypass cloudflare DNS proxy
You have to disable DNS proxy from cloudflare CDN. i.e. Bypassing cloudflare. If someone opens your website, he/she can see your actual IP, OR he/she will be served from your hosting, not from cloudflare.
You have to do this, just for the time period in which you are running command to renew your certificate.
Warning: When you disable this setting, your users might see SSL warning on browser, and that will not be good for you.
And, run command:
certbot renew
You are done! Do not forgot switch ON DNS proxy setting from cloudflare
2. Via Command line
For this, you need ssh access of your web server.
Open terminal, and type command:
certbot certonly -d example.com -d www.example.com
(put your website in place of example.com)
It will ask for putting webroot path. Write down the path of your documentRoot.
You're done.
Share your experiences or issues if any, I will be able to help them out.
Update
You should test first your commands, before requesting Lets Encrypt. Read: Test your request to Lets Encrypt
Also read: Common error
