LetsEncrypt through Cloudflare Proxy
Hello, Im trying to deploy a server who's URL is proxied via Cloudflare.
I can ssh to it through the tunnel, however my LetsEncrypt is failing to register.
I'm unsure what the best way to allow this through is, I have added the server to a cloudflare tunnel, added the http/s options in the zero access "public hostname" entry, and added a page rule to disable SSL on the .well-known/acme-challenge route, to no avail.
What else should I try? Thank you
5 Replies
Try disabling the proxy until the certificate is issued
Though note too that there isn’t much benefit to using an LE certificate when you are already using Cloudflare
That means my renewal would break though right unless I manually disabled it each time?
You can just use the CF-provided Origin Certificate, which doesn’t require revalidation
I may be misunderstanding the role of cloudflare here.
It seems that using lets encrypt is too much work to be worth it. I have now created a tunnel, and connected my server to it (I had some problems generating a tunnel and a config it seemed like i could only do one or the other from the ui?).
I have set up an origin certificate, and set my servers NGINX to use it for SSL over localhost. I am then setting up a public hostname on the tunnel to forward <mydomain> to https://localhost:443 which I believe will route requests through the tunnel?
However this only fives me anything other than 503 if I enable the noTLSVerify option in the public hostname, which feels like it defeats the purpose because I dont believe im using the correct certs now
What is the idiomatic way for me to use cloudflare to expose ssh, http and https from my server?
HTTP & HTTPS can be handled by pointing Tunnel to
http://localhost(note the http, not https). SSH is a bit more complex, as it requires Zero Trust to set up, but it still shouldn't be too difficult.