[Cloudflare] Fix errors when renewing Let’s Encrypt cert
If you’re using both Cloudflare and Let’s Encrypt for your website, you may run into an error when renewing your certificate. The error message is similar to this:
http-01 challenge for your-domain.com
http-01 challenge for www.your-domain.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (your-domain.com) from /etc/letsencrypt/renewal/your-domain.com.conf produced an unexpected error: Failed authorization procedure. your-domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.your-domain.com/.well-known/acme-challenge/...
Let’s Fix It
Fixing the mentioned error is quite simple.
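First, log in to your Cloudflare account, then navigate to “SSL/TLS”.
After that, select the radio button next to “Off (not secure)” or “Flexible”. I personally think the second choice is better. With either setting, Cloudflare connects to your server over plain HTTP instead of HTTPS, so keep it selected only for as long as the renewal test takes.
Now, connect to your server using an SSH client and run the following command: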
sudo certbot renew --dry-run
If the fix worked, the output should look like this:
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
The last thing to do is go back to your Cloudflare account and change the SSL/TLS setting back to what it was before.
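The steps above can be scripted so that the original SSL/TLS mode is always put back, even when the dry run fails. The script below is an added example, not part of the original post; it uses the Cloudflare API v4 zone setting "ssl", and the CF_API_TOKEN and CF_ZONE_ID environment variables and all function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the article). Assumed names: CF_API_TOKEN and
# CF_ZONE_ID environment variables, and every function defined here.
CF_API="https://api.cloudflare.com/client/v4"

# Call the zone's "ssl" setting endpoint. $1 = HTTP method, $2 = JSON body.
cf_api() {
    curl -fsS -X "$1" "$CF_API/zones/$CF_ZONE_ID/settings/ssl" \
        -H "Authorization: Bearer $CF_API_TOKEN" \
        -H "Content-Type: application/json" \
        ${2:+--data "$2"}
}

# Print the current mode (off, flexible, full or strict).
get_ssl_mode() {
    cf_api GET | sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([a-z_]*\)".*/\1/p'
}

set_ssl_mode() {
    cf_api PATCH "{\"value\":\"$1\"}" >/dev/null
}

run_certbot() {
    sudo certbot renew --dry-run
}

# Save the mode, switch to Flexible, run the dry run, then restore the saved
# mode whether the dry run succeeded, failed or was interrupted.
renew_with_restore() {
    original=$(get_ssl_mode)
    [ -n "$original" ] || { echo "cannot read current SSL/TLS mode" >&2; return 2; }
    trap 'set_ssl_mode "$original"; exit 130' INT TERM
    set_ssl_mode flexible || { trap - INT TERM; return 2; }
    status=0
    run_certbot || status=$?
    trap - INT TERM
    if ! set_ssl_mode "$original"; then
        echo "WARNING: zone is still on 'flexible'; restore '$original' by hand" >&2
        return 3
    fi
    return "$status"
}

# Run only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_with_restore
    exit $?
fi
```

Run it with the --run argument; the exit status is certbot's own, 2 if the mode could not be read or changed, or 3 if the restore failed.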