Hi. I have an ISPConfig with some sites and an email server working OK (server name xxx.mycompany.com). I've had to change my main domain's (mycompany.com) DNS servers to Cloudflare, then I've had to recreate my A, MX... registers there. All seemed to be working OK until I checked the proxy enable option; then ISP became inaccessible and gave ERR_SSL_PROTOCOL_ERROR. The sites continue working but I can't access the ISP GUI and mail server. So, is it convenient to check this proxy option, or is it better to leave DNS only? I believe when I enable the proxy at the A register a conflict appears between the Let's Encrypt and Cloudflare SSL certificates, is that right? Searching the internet, I read some articles saying I have to change the Let's Encrypt certificate to a Cloudflare one, and it seems to be hard. Is it convenient to do so, or to leave it with Let's Encrypt and no proxy? Thanks.
The Cloudflare proxy blocks Let's Encrypt SSL requests, so you cannot get a Let's Encrypt SSL certificate when you enable it. Besides that, I don't think you can use the proxy option for port 8080, which is probably the reason why you cannot reach the ISPConfig GUI anymore. Don't enable proxy for the server hostname (which is what you use to access ISPConfig). If you want to use CF proxy for websites, then you must create self-signed SSL certs for the sites in ISPConfig, as you cannot get LE certs anymore.
I was in the same boat. I tried to bring the VPS in-house and use Cloudflare, but that was quickly shut down because they block a lot of ports, not just 8080/8081, and routing email won't work. Instead I am exploring VPS/WireGuard -> [firewall] -> in-house VPS and route traffic to and from the public VPS/WireGuard.