nullemotion, 2017-07-20 14:45:43

How do I get a Let's Encrypt certificate while behind a Cloudflare reverse proxy?

Ubuntu + Apache. SSL is enabled in Apache and port 443 is listening. The IP is conditionally "white" (public). Cloudflare is used simply for the A record in DNS. So:
sudo certbot --apache
Result: Detail: remote error: tls: handshake failure
In /var/log/letsencrypt/letsencrypt.log, the following is confusing:
...
"hostname": "blablabla.ru",
"port": " 443",
"addressesResolved": [
"104.31.82.112",
"104.31.83.112",

...
The site's actual IP is different. Clearly this is all because of Cloudflare, which gives Let's Encrypt not the real IP but one of its own. I suspect this is why the handshake fails.


1 answer(s)
Denis Verbin, 2017-07-22
@rez0n

Disable Cloudflare (in the DNS section) for the domain, get a certificate, and re-enable proxying.
But there will be little use for such a certificate, since Cloudflare will still give out its certificate when proxying is enabled.
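
The log fragment in the question shows the validation server resolving the hostname to addresses that are not the origin server. As an added example (not code from either poster), this check extracts the "addressesResolved" entries from a certbot log and reports whether validation would land on the origin or on the proxy. The proxy range, the origin IP and the log excerpt are constructed sample values.

```python
import ipaddress
import json
import re

# Assumption: sample range chosen to cover the addresses in the question's log.
# Take the current list from https://www.cloudflare.com/ips-v4 before relying on it.
PROXY_RANGES = ("104.16.0.0/12",)
ORIGIN_IP = "203.0.113.10"  # constructed origin address (documentation range)

# Constructed excerpt modelled on the fragment quoted in the question.
SAMPLE_LOG = """
"hostname": "blablabla.ru",
"port": "443",
"addressesResolved": [
  "104.31.82.112",
  "104.31.83.112"
],
"""

def resolved_addresses(log_text):
    """Collect every address listed in "addressesResolved" arrays of the log."""
    found = []
    for match in re.finditer(r'"addressesResolved"\s*:\s*(\[[^\]]*\])', log_text):
        found.extend(json.loads(match.group(1)))
    return found

def classify(addresses, origin_ip=ORIGIN_IP, proxy_ranges=PROXY_RANGES):
    """Label each address as 'origin', 'proxy' or 'other'."""
    nets = [ipaddress.ip_network(r) for r in proxy_ranges]
    origin = ipaddress.ip_address(origin_ip)
    labels = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip == origin:
            labels[addr] = "origin"
        elif any(ip in net for net in nets):
            labels[addr] = "proxy"
        else:
            labels[addr] = "other"
    return labels

def validation_reaches_origin(log_text, origin_ip=ORIGIN_IP):
    """True only if the log lists addresses and all of them are the origin."""
    labels = classify(resolved_addresses(log_text), origin_ip)
    return bool(labels) and all(v == "origin" for v in labels.values())

if __name__ == "__main__":
    print(classify(resolved_addresses(SAMPLE_LOG)))
    print("reaches origin:", validation_reaches_origin(SAMPLE_LOG))
```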
