Let's Encrypt SSL Certificate Renewal and Cloudflare

epiz_26920211

Hello everyone and thanks in advance for the help. I currently have a free ssl certificate with Let’s Encrypt that I installed following the directions in “https://support.infinityfree.net/https/how-to-install-an-ssl-certificate/#installing-an-existing-certificate”. Then I enabled Cloudflare for my site, configured DNS and selected “full” mode. Since then everything has gone well but now I need to renew the ssl certificate and when trying to do it I see that the DNS of the hosting is not found and in the header it warns me that “you must change the CNAME in Cloudflare” (remember that it is currently working correctly). I have tried hitting “request ssl certificate” but it redirects me to the warning “you must change the CNAMES in Cloudflare”. What do you advise me, where do I start?


Thanks a lot.

Pls add the CNAME record within CF dns

4 Likes

Thanks for the reply. I currently have two CNAMES configured on Cloudflare (with the domain name and www). If you please could you tell me what would you add? and after adding it should I turn off the CF proxy (now it is connected)?

yes, you should turn off cf proxy on both cnames

6 Likes

Thanks for the reply. I’m lost! But then I change the CNAMES that I already have configured or should I add a new one?

add cnames in cloudflare then remove proxy on those cnames

4 Likes

I already have two CNAMES added, the one that points to the domain and the one of www.

then unproxy them

1 Like

Ok, I’ll try it and tell you something, thank you very much, it was very kind.

np

@MoreMas2020 You must add SSL cname records through cloudflare dashboard and unproxy them, these two are what i mean:

  1. create a cname record named _acme-challenge and set its value as (its Destination)
  2. create another cname record named _acme-challenge.www and set its value as (its Destination) too.
    make sure to unproxy them, then wait for while.
4 Likes

thats what i was trying to say

3 Likes

tbh he not mentioning the full names of cname records caused a perfect misunderstanding.

3 Likes

sorry

2 Likes

Thanks for answering. So I have to change my current CNAME records to “_acme-challenge” and “_acme-challenge.www”. I would also have to change the target / destinations or they are the same as I am using now. Now I have them configured the way the image indicates. I appreciate your patience.


Thanks again.

1 Like

No. You need two CNAME records to handle your website, which are the one described in the screenshot. And you’ll need the other CNAME records for the SSL verification.

You can have hundreds of different DNS records all at the same time pointing to different services without any problems. As long as the record name is different, they do not conflict.

Finally, if you want anyone here to verify your DNS records, it would help if you could share the domain name here.

3 Likes

Thank you, this last clarification has been very useful, in fact I have already been able to request the renewal of the certificate. Thank you very much all who have intervened.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.