Access and blocking .well-known for https cert

Yea, it looks like you have an application for blocking access to the subdomain, and then a bypass just for booking-form/website? If you add another bypass for the path .well-known, you should be set, and the cert should try to renew after a bit and succeed. HTTP validation needs Let's Encrypt to have access to that path for challenges, for example https://console.rutherfordspunting.com/.well-known/acme-challenge/tuWtltVU7Nn_WahsFTz-ZA0ebMJGvBxrFNlKdLYD6pZnNG5Q1Nky8oqQDEuWumUA, to renew properly.
Paul Wong-Gibbs (14mo ago)
Thank you for this. We’ve set up the rule. Any idea how frequently it will retry?
Chaika (14mo ago)
Not sure. You could remove and re-add the Pages custom domain, would probably be the fastest way to fix it. Otherwise if you can wait until tomorrow I could poke one of the Pages people about it.
Erisa (14mo ago)
certificate validation takes longer between retries the longer it's gone on for, using a backoff schedule: https://developers.cloudflare.com/ssl/reference/validation-backoff-schedule/
Erisa (14mo ago)
the same page also notes:
"Cloudflare caps the check backoff to a maximum of four hours to avoid the function growing exponentially"
which means under the very worst case scenario it could take 4 hours. It also notes that it will give up entirely after a number of days: 30 for DigiCert, 14 for Google and 7 for LE
Chaika (14mo ago)
It might have already given up then, iirc it should have first tried 30 days ago since it's expired today. Should be able to just remove/re-add and get issued a new one that will be able to renew.
Erisa (14mo ago)
Pages custom domains area should show the status and indeed would recommend redoing, if it's broken anyway there's no downside
Paul Wong-Gibbs (14mo ago)
Thank you again everyone, I’ll give that a go. Cloudflare is unlikely to automatically delete my Access config when I remove the custom domain from my Pages app’s settings, right?
Erisa (14mo ago)
It won't affect anything in Access
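
A way to confirm that the .well-known bypass suggested at the top of this thread is in effect before waiting on the next validation retry. This is an added example, not part of the original thread or Cloudflare's tooling; the function names, the placeholder token and the assumption that a blocked path redirects to a login URL on cloudflareaccess.com or under /cdn-cgi/access/ are this example's own.

```sh
#!/bin/sh
# Added example: check whether an unauthenticated client (such as a CA's
# HTTP validation request) can reach the ACME challenge path on a hostname.

# classify_probe STATUS LOCATION -> prints a verdict for one HTTP response.
classify_probe() {
  case "$1" in
    301|302|303|307|308)
      # Assumption: an Access-protected path redirects unauthenticated
      # requests to a login page; any other redirect is reported separately.
      case "$2" in
        *cloudflareaccess.com*|*/cdn-cgi/access/*) echo "access-blocked" ;;
        *) echo "redirected" ;;
      esac ;;
    401|403) echo "forbidden" ;;   # some other rule is denying the request
    200|404) echo "reachable" ;;   # 404 is expected for a made-up token
    *) echo "unknown" ;;
  esac
}

# parse_headers: raw response headers on stdin -> "STATUS LOCATION".
parse_headers() {
  tr -d '\r' | awk '
    NR == 1 { status = $2 }
    tolower($1) == "location:" { loc = $2 }
    END { print status, loc }'
}

# probe_host HOST [TOKEN]: request the challenge path without following
# redirects and classify the answer. TOKEN is a constructed placeholder.
probe_host() {
  host="$1"
  token="${2:-bypass-check-placeholder}"
  hdrs=$(curl -s -o /dev/null -D - --max-time 10 \
    "https://$host/.well-known/acme-challenge/$token" | parse_headers)
  classify_probe "${hdrs%% *}" "${hdrs#* }"
}

# Only touches the network when a hostname is passed on the command line.
if [ "$#" -ge 1 ]; then
  probe_host "$@"
fi
```

A verdict of `access-blocked` means the challenge path is still behind the Access application, so validation attempts will keep failing until the bypass applies to it.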