How to renew SSL certificate from Lets-encrypt when your website is using cloudflare

January 07, 2018


This article is for website administrator or owner who has once taken certificate from, and its the time to renew your certificate. And, you are using cloudflare CDN for your website.

Lets-Encrypt Organization is an organization who provides free SSL certificate to anyone. I'm a great admirer of this service. And, its popularity increased when google chrome announced that it will give an advantage to SSL enabled websites.

I will write about how to get a new SSL certificate for your website from lets-encrypt. Its an amazing service, with an easy to use utility scripts.


Letsencrypt says you should run following command:

certbot renew

It may work for most of the people. But, it will not work for people who are using cloudflare.

Following error comes out:



There are two solutions that I could find till now:

1. Bypass cloudflare DNS proxy

You have to disable DNS proxy from cloudflare CDN. i.e. Bypassing cloudflare. If someone opens your website, he/she can see your actual IP, OR he/she will be served from your hosting, not from cloudflare.

Cloudflare website


You have to do this, just for the time period in which you are running command to renew your certificate.

Warning: When you disable this setting, your users might see SSL warning on browser, and that will not be good for you.

SSL warning


And, run command: 

certbot renew

You are done! Do not forgot switch ON DNS proxy setting from cloudflare


2. Via Command line

For this, you need ssh access of your web server. 

Open terminal, and type command:

certbot certonly -d -d (put your website in place of

It will ask for putting webroot path. Write down the path of your documentRoot.


You're done.

Share your experiences or issues if any, I will be able to help them out.



You should test first your commands, before requesting Lets Encrypt. Read: Test your request to Lets Encrypt

Also read: Common error

Similar Posts

Latest Posts