For some time, I’ve hidden my Nextcloud behind CF Zero Trust. When refreshing certificates via Let’s Encrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that Let’s Encrypt will no longer notify me via email I need a more robust (read: automated) way of refreshing certs. Do I have any options other than disabling Zero Trust? (The advantage would be that I no longer need a VPN to have the mobile app working.)


  • hendrik@palaver.p3x.de · 7 upvotes · edited · 13 hours ago

    Maybe you can use Let’s Encrypt’s DNS-01 challenge. That works without an HTTP connection. But ultimately, I don’t think you need a certificate on the server: doesn’t Cloudflare tunnel the traffic (unencrypted) and terminate the HTTPS on their side?

    • cctl01@feddit.nl (OP) · 2 upvotes, 1 downvote · 10 hours ago

      Thanks for the reply, among all answers I chose this. Just because it works for me.

  • Moonrise2473@feddit.it · 5 upvotes · edited · 13 hours ago

    Behind a Cloudflare tunnel you can use a self-signed or expired certificate; just check the “No TLS Verify” checkbox.

    Edit: or use DNS-based verification; Nginx Proxy Manager can do it automatically using the Cloudflare API when behind Cloudflare tunnels.
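Putting hendrik’s DNS-01 suggestion and Moonrise2473’s edit (DNS validation through the Cloudflare API) into a runnable form, as an added example that is not code from anyone in this thread: certbot with the certbot-dns-cloudflare plugin issues and renews the certificate by publishing a TXT record, so the tunnel never has to be disabled and no inbound HTTP path is needed. The hostname, contact e-mail, file paths and the nginx reload command are assumptions; the API token is a placeholder.

```sh
#!/bin/sh
# Added example, not code from the thread: automate Let's Encrypt renewal with
# the DNS-01 challenge through certbot's Cloudflare DNS plugin, so no inbound
# HTTP path (and no tunnel toggling) is needed. Hostname, e-mail, file paths
# and the reload command are assumptions; the API token is a placeholder.
set -eu

DOMAIN="${DOMAIN:-nextcloud.example.com}"                 # assumed hostname
EMAIL="${EMAIL:-admin@example.com}"                       # assumed contact address
CRED_FILE="${CRED_FILE:-/etc/letsencrypt/cloudflare.ini}" # assumed path
CF_TOKEN="${CF_TOKEN:-REPLACE_WITH_SCOPED_TOKEN}"         # placeholder: token limited to Zone:DNS:Edit on this zone
RENEW_DAYS=30                                             # renew when fewer than this many days remain

# Write the plugin credentials file readable by the owner only: the token grants
# DNS write access, and certbot warns when the file is readable by other users.
write_credentials() {
    umask 077
    printf 'dns_cloudflare_api_token = %s\n' "$CF_TOKEN" > "$1"
}

# Compose the issuance command as a string so it can be printed or checked before
# it runs. The propagation delay gives the _acme-challenge TXT record time to be
# visible to Let's Encrypt's resolvers; the deploy hook runs only when a new
# certificate is actually installed.
build_certbot_cmd() {
    domain="$1"; cred="$2"; email="$3"
    printf 'certbot certonly --non-interactive --agree-tos -m %s --dns-cloudflare --dns-cloudflare-credentials %s --dns-cloudflare-propagation-seconds 60 -d %s --deploy-hook "systemctl reload nginx"' \
        "$email" "$cred" "$domain"
}

# Return 0 (true) when the certificate is missing or expires within $2 days.
# This local check stands in for the expiry e-mails Let's Encrypt no longer sends.
needs_renewal() {
    cert="$1"; days="$2"
    [ -f "$cert" ] || return 0
    # -checkend exits 0 while the cert stays valid for the given seconds, 1 otherwise
    ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))"
}

main() {
    write_credentials "$CRED_FILE"
    live="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
    if needs_renewal "$live" "$RENEW_DAYS"; then
        cmd="$(build_certbot_cmd "$DOMAIN" "$CRED_FILE" "$EMAIL")"
        echo "renewing: $cmd"
        sh -c "$cmd"
    else
        echo "$live is valid for more than $RENEW_DAYS days; nothing to do"
    fi
}

# Run only when invoked with "run" (e.g. from a daily cron job or systemd timer),
# so the functions can also be sourced and checked without touching the system.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Schedule it daily with the `run` argument; certbot stores the plugin settings in the renewal config, so a plain `certbot renew` on the same host also keeps working afterwards. Give the token only DNS edit rights on the one zone, since whoever reads the credentials file can change that zone’s records. On the TLS point raised above: once a valid certificate is kept current this way, the tunnel’s origin verification can stay enabled instead of relying on the “No TLS Verify” option, so the cloudflared-to-origin hop keeps checking the certificate it is presented.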