Introduction

This article is for website administrator or owner who has once taken certificate from letsencrypt.org, and its the time to renew your certificate. And, you are using cloudflare CDN for your website.

Lets-Encrypt Organization

Letsencrypt.org is an organization who provides free SSL certificate to anyone. I'm a great admirer of this service. And, its popularity increased when google chrome announced that it will give an advantage to SSL enabled websites.

I will write about how to get a new SSL certificate for your website from lets-encrypt. Its an amazing service, with an easy to use utility scripts.

Problem

Letsencrypt says you should run following command:

certbot renew

It may work for most of the people. But, it will not work for people who are using cloudflare.

Following error comes out:

 

Solution

There are two solutions that I could find till now:

1. Bypass cloudflare DNS proxy

You have to disable DNS proxy from cloudflare CDN. i.e. Bypassing cloudflare. If someone opens your website, he/she can see your actual IP, OR he/she will be served from your hosting, not from cloudflare.

Cloudflare website

 

You have to do this, just for the time period in which you are running command to renew your certificate.

Warning: When you disable this setting, your users might see SSL warning on browser, and that will not be good for you.

SSL warning

 

And, run command: 

certbot renew

You are done! Do not forgot switch ON DNS proxy setting from cloudflare

 

2. Via Command line

For this, you need ssh access of your web server. 

Open terminal, and type command:

certbot certonly -d example.com -d www.example.com (put your website in place of example.com)

It will ask for putting webroot path. Write down the path of your documentRoot.

 

You're done.

Share your experiences or issues if any, I will be able to help them out.

 

Update

You should test first your commands, before requesting Lets Encrypt. Read: Test your request to Lets Encrypt

Also read: Common error