Cloudflare Proxy and Let's Encrypt #62

Closed
opened 2026-04-05 20:25:23 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @officialJCReyes on 7/20/2025

CloudPanel version(s) affected

2.5.1

Description

When a domain is proxied in Cloudflare, the Let's Encrypt certificate does not automatically renew.

DOMAIN.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: During secondary validation: 2606:4700:3030::6815:4001: Invalid response from http://DOMAIN.com/.well-known/acme-challenge/JnAUZ7A514G_RbE0l26gI9NHWB2qSjO3we4RSf2nEo0: 403

How to reproduce

With SSL enabled in Cloudflare set to Full, Full (Strict) or strict, proxy the domain after you generate your first certificate. When it is time for renewal you cannot renew your certificate.

Possible Solution

It appears that when it makes the ACME request it does it over port 80 instead of port 443. If you are using SSL mode Full or higher it does interpret properly. When using Flexible SSL Mode, Cloudflare communicates via HTTP to CloudPanel and it is able to renew the certificate.

Image

Additional Context

No response
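As an added check (not part of the original issue or of CloudPanel itself), a pre-flight probe that does what the CA's validator does before a renewal is attempted: it writes a throwaway token under the webroot's `/.well-known/acme-challenge/` and fetches it over plain HTTP through the public hostname, so a proxy that answers the challenge URL with 403, as in the error above, is caught before the real renewal fails. The function names, the `.probe` body format and the webroot layout are assumptions of this example.

```python
import os
import secrets
import urllib.error
import urllib.request
from typing import Callable, Tuple

# Path every ACME HTTP-01 validator fetches, relative to the site's webroot.
CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")

def http_fetch(url: str) -> Tuple[int, str]:
    """GET url over plain HTTP; redirects are followed, as the CA's validators do."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")

def probe_url(domain: str, token: str) -> str:
    """URL the validators request for this token; the scheme is always http."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"

def classify(status: int, body: str, expected: str) -> str:
    """Turn a probe response into the reason a renewal would fail."""
    if status == 200 and body.strip() == expected:
        return "ok"
    if status == 403:
        return "forbidden: proxy or web server refuses the challenge path on port 80"
    if status == 200:
        return "wrong content: a cache or another vhost answered the challenge URL"
    return f"unexpected status {status}: challenge path not reachable over HTTP"

def preflight(domain: str, webroot: str,
              fetch: Callable[[str], Tuple[int, str]] = http_fetch) -> str:
    """Drop a throwaway token into webroot, fetch it via the public name, clean up.

    Run this from a host that resolves the public DNS (no /etc/hosts override):
    the reported failure came from a remote validator that reached the proxy,
    not the origin, so a probe that bypasses the proxy proves nothing.
    """
    token = secrets.token_urlsafe(32)
    expected = token + ".probe"  # hypothetical body; real ACME serves token.thumbprint
    target_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(target_dir, exist_ok=True)
    path = os.path.join(target_dir, token)
    with open(path, "w") as fh:
        fh.write(expected)
    try:
        status, body = fetch(probe_url(domain, token))
    finally:
        os.remove(path)
    return classify(status, body, expected)
```

Usage: `preflight("DOMAIN.com", "/home/SITE/htdocs/DOMAIN.com")` with the site's real webroot; anything other than `ok` means the next renewal will fail the same way.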
