LE SSL still needs to be enabled after adding the website to Cloudflare?

Discussion in 'Installation/Configuration' started by skysky, Feb 22, 2024.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    You can use dns based LE as you currently do, but you must take care to do the required steps manually to restart services and you must check that you change the symlinks to the certs in case the cert file names change. This can all be done with a cronjob.
     
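    One way to do what till describes above as a cron job, written as an added example for this thread rather than ISPConfig or certbot code. It assumes certbot's /etc/letsencrypt/live/<domain>/ layout, ISPConfig's <ssl_dir>/<domain>-le.crt and -le.key file names (the paths appear in the nginx vhost quoted later in this thread), and a SITES table you maintain; the domain and ssl directory values in SITES are placeholders.

```python
"""Cron job for DNS-validated Let's Encrypt certs on an ISPConfig host.

Added example illustrating till's advice above; it is not ISPConfig or
certbot code.  Assumed: certbot's /etc/letsencrypt/live/<domain>/ layout,
ISPConfig's <ssl_dir>/<domain>-le.crt and -le.key names (the paths appear
in the nginx vhost quoted later in this thread), and the SITES table.
"""
import os
import subprocess

LE_LIVE = "/etc/letsencrypt/live"
# domain -> ISPConfig ssl directory of that web (assumed values for the example)
SITES = {"m.inspireme.life": "/var/www/clients/client0/web101/ssl"}


def ensure_symlink(link: str, target: str) -> bool:
    """Make `link` a symlink to `target`; return True if anything changed.

    A stale regular file at `link` (e.g. a cert copied in by hand) is replaced
    as well, because nginx would keep serving that copy after certbot renews.
    """
    if os.path.islink(link) and os.readlink(link) == target:
        return False
    tmp = link + ".tmp"
    if os.path.lexists(tmp):
        os.remove(tmp)
    os.symlink(target, tmp)
    os.replace(tmp, link)  # atomic swap: nginx never observes a missing file
    return True


def cert_updated(cert_path: str, stamp_path: str) -> bool:
    """True if `cert_path` was rewritten since the mtime recorded in `stamp_path`."""
    mtime = os.stat(cert_path).st_mtime
    try:
        with open(stamp_path) as f:
            last = float(f.read())
    except (FileNotFoundError, ValueError):
        last = -1.0
    with open(stamp_path, "w") as f:
        f.write(repr(mtime))
    return mtime > last


def sync_site(domain: str, ssl_dir: str, live_dir: str = LE_LIVE) -> bool:
    """Fix the two symlinks for one site; return True if nginx needs a reload."""
    reload_needed = False
    for suffix, src in (("-le.crt", "fullchain.pem"), ("-le.key", "privkey.pem")):
        link = os.path.join(ssl_dir, domain + suffix)
        target = os.path.join(live_dir, domain, src)
        linked = ensure_symlink(link, target)  # evaluated for every link
        reload_needed = reload_needed or linked
    fresh = cert_updated(os.path.join(live_dir, domain, "fullchain.pem"),
                         os.path.join(ssl_dir, ".le-stamp"))
    return reload_needed or fresh


def reload_nginx() -> None:
    subprocess.run(["nginx", "-t"], check=True)  # never reload a broken config
    subprocess.run(["systemctl", "reload", "nginx"], check=True)


if __name__ == "__main__":
    results = [sync_site(domain, ssl_dir) for domain, ssl_dir in SITES.items()]
    if any(results):
        reload_nginx()
```

    Run it from cron a little after certbot's own renewal timer: because it records the mtime of fullchain.pem, it reloads nginx only when a symlink was wrong or certbot actually wrote a new chain, so a run that finds nothing to do touches nothing. If certbot is invoked directly instead of by timer, `certbot renew --deploy-hook` can call the same script only on a successful renewal.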
  2. skysky

    skysky Member

    Unchecking the LE checkbox of the website in ISPConfig will remove https from the website, causing an error on the site?
    Checking the LE checkbox again will renew the cert for https?
    This is my understanding.
     
  3. pyte

    pyte Well-Known Member HowtoForge Supporter

    Correct. As soon as you disable SSL Checkbox there will be no https possible for that webspace.
     
  4. skysky

    skysky Member

    thank you very much, I will test.
     
  5. skysky

    skysky Member

    Just did a test. My LE SSL will expire on 21 May 2024.
    Disabled the Cloudflare proxy for the domain.
    1. I unchecked the LE checkbox of the website in ISPConfig and saved; then the site was down due to an https error.
    2. I checked the LE checkbox again; https is working again, but the LE SSL cert still expires on 21 May 2024. (cert not renewed)

    It seems unchecking, saving, then checking the Let's Encrypt SSL option again will not renew the cert at once.
     
  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    The next renewal time is detailed in the corresponding config file at /root/.acme.sh/site.name/site.name.conf

    You may want to check the acme.log and see if there are any errors.
     
  7. skysky

    skysky Member

    There is no such directory in /root/.acme.sh/.
    I am running Ubuntu 22.04.4 LTS.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you use certbot then? Certs from certbot are in /etc/letsencrypt/live/
     
  9. skysky

    skysky Member

    Yes, all certs of the domains are here. The time of the files matches the time I unchecked and checked the ISPConfig LE SSL checkbox. But how to renew the cert? Is there a way to renew the cert at once when I disable the Cloudflare proxy?
    https://monosnap.com/file/WgDYcwY0HqO2nkNrEyRwEFG1EOQ3UI
     
  10. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    What is your certbot version? How did you install it, via apt or snap? If the former, I'd advise to remove certbot, and use snap to reinstall it.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    To force renew all certs when the system uses acme.sh:

    Code:
    acme.sh --renew-all --force
    To force-renew all certs when the system uses certbot:

    Code:
    certbot renew --force-renewal
    But be aware that Let's Encrypt has rate limits, so if you renew too many certs at a time, you might hit these limits.
     
  12. skysky

    skysky Member

    Something really strange.
    I used the command to renew the cert:
    certbot renew --force-renewal (NO PROBLEM)
    service nginx restart > no error

    All successful. To double check: certbot certificates shows the cert renewed, BUT SOMEHOW THE WEBSITE (https://m.inspireme.life) IS STILL SHOWING THE OLD CERT, EXPIRED ON 2024 MAY 9.

    SEE IMAGE
    https://monosnap.com/file/EZ3q0MwyKc0BNdYRdHzykaSOPHvfMY

    Certificate Name: m.inspireme.life
    Serial Number: 442d50385f353b4b6803e4c6e08a427def4
    Key Type: RSA
    Domains: m.inspireme.life
    Expiry Date: 2024-07-31 07:31:18+00:00 (VALID: 83 days)
    Certificate Path: /etc/letsencrypt/live/m.inspireme.life/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/m.inspireme.life/privkey.pem

    m.inspireme.life.vhost
    server {
        listen *:80;
        listen [::]:80;
        listen *:443 ssl http2;
        ssl_protocols TLSv1.2;
        listen [::]:443 ssl http2;
        ssl_certificate /var/www/clients/client0/web101/ssl/m.inspireme.life-le.crt;
        ssl_certificate_key /var/www/clients/client0/web101/ssl/m.inspireme.life-le.key;

        server_name m.inspireme.life ;

        root /var/www/m.inspireme.life/web/;
        disable_symlinks if_not_owner from=$document_root;

        if ($scheme != "https") {
            rewrite ^ https://$http_host$request_uri? permanent;
        }

        index index.html index.htm index.php index.cgi index.pl index.xhtml;

        error_log /var/log/ispconfig/httpd/m.inspireme.life/error.log;
        access_log /var/log/ispconfig/httpd/m.inspireme.life/access.log combined;

        location ~ /\. {
            deny all;
        }

        location ^~ /.well-known/acme-challenge/ {
            access_log off;
            log_not_found off;
            auth_basic off;
            root /usr/local/ispconfig/interface/acme/;
            autoindex off;
            index index.html;
            try_files $uri $uri/ =404;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
            expires max;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }
    .....
     
  13. skysky

    skysky Member

    I found the error, edited the conf file, and copied back the correct setting. Issue fixed.
    Processing /etc/letsencrypt/renewal/m.inspireme.life.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Renewing an existing certificate for m.inspireme.life
    Failed to renew certificate m.inspireme.life with error: Missing command line flag or config entry for this setting:
    Input the webroot for m.inspireme.life:
     
    Last edited: May 8, 2024
  14. skysky

    skysky Member

    HERE ARE THE TESTED STEPS THAT WORK:
    1. Disable the proxy in the CF domain DNS setting so that the domain IP is the original server's.
    2. certbot renew --force-renewal > certbot certificates > nginx -t > service nginx restart
    3. Double check that the website's SSL expiry date is CORRECT.
    4. Enable the proxy again in the CF domain DNS setting.

    THANKS FOR EVERYONE'S HELP.
     
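    A check for the symptom in post 12 (certbot reports a renewed cert while the site still presents the old one) and for step 3 of the tested procedure above: compare the SHA-256 fingerprint of the certificate nginx actually sends with the file the vhost references. This is an added example, not code from ISPConfig, certbot or the poster; it assumes the vhost path quoted in post 12, and the origin IP 203.0.113.10 is a placeholder. It connects to the origin address rather than the DNS name because, while the Cloudflare proxy is enabled, the name resolves to Cloudflare's edge and you would be inspecting Cloudflare's certificate, not nginx's.

```python
"""Check whether the certificate nginx serves for a site is the one on disk.

Added example for this thread, not ISPConfig or certbot code.  Assumptions:
the vhost cert path is the one from the nginx vhost quoted in post 12; the
origin IP and port are placeholders.
"""
import base64
import hashlib
import os
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_der_from_pem(pem_text: str) -> bytes:
    """Return the DER of the first certificate in a PEM file.

    certbot's fullchain.pem lists the leaf first, followed by the chain.
    """
    start = pem_text.index(PEM_BEGIN) + len(PEM_BEGIN)
    end = pem_text.index(PEM_END, start)
    body = "".join(pem_text[start:end].split())  # drop the 64-char line wrapping
    return base64.b64decode(body)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, as `openssl x509 -fingerprint -sha256` prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_leaf_der(origin_ip: str, hostname: str, port: int = 443) -> bytes:
    """Fetch the leaf certificate the origin server itself presents for `hostname`.

    Connect to the origin IP, not the DNS name: with the Cloudflare proxy on,
    the name resolves to Cloudflare's edge.  SNI still carries the hostname so
    nginx selects the right server block.  Verification is disabled on purpose,
    since the point is to inspect a certificate that may already be expired.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((origin_ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


def cert_status(vhost_cert_path: str, served_der: bytes) -> dict:
    """Compare the file the vhost references with what the server actually sent."""
    with open(vhost_cert_path) as f:
        disk_fp = sha256_fingerprint(leaf_der_from_pem(f.read()))
    served_fp = sha256_fingerprint(served_der)
    return {
        "vhost_path": vhost_cert_path,
        "is_symlink": os.path.islink(vhost_cert_path),
        "resolves_to": os.path.realpath(vhost_cert_path),
        "disk_fingerprint": disk_fp,
        "served_fingerprint": served_fp,
        "match": disk_fp == served_fp,
    }


if __name__ == "__main__":
    HOST = "m.inspireme.life"
    ORIGIN_IP = "203.0.113.10"  # placeholder: your origin server's address
    VHOST_CERT = "/var/www/clients/client0/web101/ssl/m.inspireme.life-le.crt"
    status = cert_status(VHOST_CERT, served_leaf_der(ORIGIN_IP, HOST))
    for key, value in status.items():
        print(f"{key}: {value}")
    if not status["match"]:
        print("nginx serves a different certificate than the file on disk: "
              "check the symlink target and reload nginx")
```

    If `match` is False, either the -le.crt path is a stale copy instead of a symlink into /etc/letsencrypt/live/, or nginx was not reloaded after the files changed; `resolves_to` shows which file nginx is actually reading. If `match` is True but the site still shows the old expiry, the file on disk was never renewed, which is what post 13 turned out to be (`openssl x509 -in <path> -noout -enddate` prints the expiry of the file itself).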
