{"id":5376,"date":"2017-08-02T08:03:46","date_gmt":"2017-08-02T12:03:46","guid":{"rendered":"http:\/\/www.dr-chuck.com\/csev-blog\/?p=5376"},"modified":"2017-08-02T08:04:21","modified_gmt":"2017-08-02T12:04:21","slug":"doing-a-certbot-renew-when-a-site-is-behind-cloudflare","status":"publish","type":"post","link":"https:\/\/www.dr-chuck.com\/csev-blog\/2017\/08\/doing-a-certbot-renew-when-a-site-is-behind-cloudflare\/","title":{"rendered":"Doing a certbot renew when a site is behind CloudFlare"},"content":{"rendered":"<p>I have lots of my web sites behind CloudFlare &#8211; which is nice because I get free auto-updated SSL certs and all the other benefits of CloudFlare.<\/p>\n<p>But in case I want to bypass CloudFlare, I like to keep a solid SSL cert on the original server.  So I logged in and ran a:<\/p>\n<p><code>sudo certbot renew --dry-run<\/code><\/p>\n<p>And got this error message:<\/p>\n<p><strong>Attempting to renew cert from \/etc\/letsencrypt\/renewal\/www.tsugi.org.conf produced an unexpected error: Failed authorization procedure. www.tsugi.org (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure. Skipping.<\/strong><\/p>\n<p>The solution was to log in to CloudFlare and reconfigure my tsugi.org to temporarily bypass the proxy and then re-run:<\/p>\n<p><code>sudo certbot renew --dry-run<\/code><\/p>\n<p>Then the renewal worked just fine and afterwards &#8211; I restored Cloudflare as my proxy.<\/p>\n<p>Of course you might need a few minutes whilst the DNS changes propagate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have lots of my web sites behind CloudFlare &#8211; which is nice because I get free auto-updated SSL certs and all the other benefits of CloudFlare. But in case I want to bypass CloudFlare, I like to keep a solid SSL cert on the original server. So I logged in and ran a: sudo [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5376","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/comments?post=5376"}],"version-history":[{"count":3,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5376\/revisions"}],"predecessor-version":[{"id":5379,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5376\/revisions\/5379"}],"wp:attachment":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/media?parent=5376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/categories?post=5376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/tags?post=5376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}