I am getting this when I browse to my sites/subdomains. I think the issue may be because I use Cloudflair to proxy my site and none of the ip address lookups match the local server DNS: Do I need to disable Cloudflair to get Let's Encrypt to renew? THX, -John
If you are using cloudflare, the certificates served for your site will be setup and managed at cloudflare, which is what it sounds like has expired. As to your question, I don't know offhand if cloudflare is configured to pass /.well-known/ or (/.well-known/acme-challenge/) urls for your site by default or if you'd have to configure that for each site. A quick search finds https://community.cloudflare.com/t/lets-encrypt-and-cloudflare-how-to-set/66442/9 which would indicate you need to set it up yourself.
So, when served publicly, Cloudflair has the certs. When served LAN, I have the certs. I would like to maintain both. I disabled Cloudflair, the crets are renewed, now I can re-enable Cloudflair. THX, -John
I use CF for all my domains but do not use its SSL, instead I simply use LE created by ISPConfig. As far as I remember, since it has been quite some years, I never have to diable and re-enable anything, so I think it depends on how you set up your domain in CF. I will share my settings only if asked as I am not sure it is the best for everybody. By the way, I have one CF email login account for each domain, so I won't be caught by its limit for having lots of dns records per email login account.
