如何在cloudflare 上更新 leti‘s encrypt 的SSL 证书问题？
因为 用tls 1.0更新 ssl 证书，不能通过 cdn 代理，所以不能用了。直接用cloudflare 的ssl就行。
I Have Cloudflare activated in my site to hide the real IP of the VPS. In Addition to that I’ve also installed cloudflare apache mod so that I get correct IP addresses of my site visitors.
So, now., when trying to renew the certificate it is giving me errors., I can’t renew before disabling CloudFlare so the IP turns to the real one., and I really think this is not possible to maintain it every 3 months,
Is there any fix for the problem ?
OK, so you’re using the
tls-sni-01 challenge to verify your domain. That isn’t going to work with CloudFlare active.
The best solution, IMHO, is to use the
webroot challenge. That challenge works with a single file, which will pass through CloudFlares CDN services.
For the basic CloudFlare plans, there isn’t a way to import your own certificate, so you won’t be able to use a Let’s Encrypt certificate on the publicly-visible CloudFlare service, unless you pay for a plan that supports this option.
Many CloudFlare users won’t even benefit from a Let’s Encrypt certificate, because CloudFlare can give you its own certificate for use with your origin server (the server that you run that CloudFlare is proxying for). CloudFlare will accept that CloudFlare-issued certificate for HTTPS connections between its CDN service and your origin server, and it will issue its own publicly-trusted certificate for HTTPS connections between end-users and the CDN service.
If you do want to get a Let’s Encrypt certificate for the origin server, even though there might not be much of a reason to do so, you should note that the TLS-SNI-01 verification method doesn’t work if the Let’s Encrypt CA isn’t connecting directly to the origin service (which is true if you have CloudFlare in front of your site when you get the certificate!). Other verification methods, HTTP-01 and DNS-01, will work in this case by letting you post files on your site or update DNS records for your site.