[Cloudflare] Fix errors when renewing a Let’s Encrypt cert

June 21, 2020 Linda Walker

If you’re using both Cloudflare and Let’s Encrypt for your website, you may run into an error when renewing your cert. The error message is similar to this:

http-01 challenge for your-domain.com
http-01 challenge for www.your-domain.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (your-domain.com) from /etc/letsencrypt/renewal/your-domain.com.conf produced an unexpected error: Failed authorization procedure. your-domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.your-domain.com/.well-known/acme-challenge/...

Let’s Fix It

Fixing the mentioned error is quite simple.

First, log in to your Cloudflare account, then navigate to “SSL/TLS”.

After that, select the radio button next to “Off (not secure)” or “Flexible”. I personally think the second choice is better.

Now, connect to your server using an SSH client and run the following command:

sudo certbot renew --dry-run

It works. The output should look like this:

** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/your-domain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

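The last thing to do is go back to your Cloudflare account and change the SSL/TLS setting back to the mode you were using before. Until you do, the connection between Cloudflare and your server is not encrypted.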
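
The steps above leave the zone in a weaker SSL/TLS mode until someone changes it back by hand. The script below is an added example, not part of the original post: it reads the current mode through the Cloudflare v4 API, switches to Flexible, runs the dry run, and restores the original mode whether or not the dry run succeeded. The environment variable names CF_API_TOKEN and CF_ZONE_ID are assumptions, as is a token allowed to edit zone settings.

```shell
#!/bin/sh
# Added example: lower the Cloudflare SSL/TLS mode only for the dry run,
# then always restore it. Assumes CF_API_TOKEN and CF_ZONE_ID are exported
# by the operator (names chosen for this example).
CF_API="https://api.cloudflare.com/client/v4"

# Print the zone's current SSL/TLS mode (off, flexible, full or strict).
# sed keeps the example dependency-free; jq is more robust if available.
cf_get_ssl_mode() {
    curl -fsS -H "Authorization: Bearer $CF_API_TOKEN" \
        "$CF_API/zones/$CF_ZONE_ID/settings/ssl" |
        sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p'
}

# Set the zone's SSL/TLS mode to $1.
cf_set_ssl_mode() {
    curl -fsS -o /dev/null -X PATCH \
        -H "Authorization: Bearer $CF_API_TOKEN" \
        -H "Content-Type: application/json" \
        --data "{\"value\":\"$1\"}" \
        "$CF_API/zones/$CF_ZONE_ID/settings/ssl"
}

# Returns certbot's exit status, 2 if the mode could not be read or
# changed, 3 if the original mode could not be restored.
renew_dry_run_with_restore() {
    orig_mode=$(cf_get_ssl_mode)
    case "$orig_mode" in
        off|flexible|full|strict) ;;
        *) echo "could not read current SSL/TLS mode" >&2; return 2 ;;
    esac
    cf_set_ssl_mode flexible || return 2
    rc=0
    sudo certbot renew --dry-run || rc=$?
    if ! cf_set_ssl_mode "$orig_mode"; then
        echo "WARNING: SSL/TLS mode is still flexible, restore '$orig_mode' by hand" >&2
        return 3
    fi
    return "$rc"
}

# Run only when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
    : "${CF_API_TOKEN:?set CF_API_TOKEN}" "${CF_ZONE_ID:?set CF_ZONE_ID}"
    renew_dry_run_with_restore
fi
```

An exit status of 3 means the zone is still in Flexible mode and needs to be fixed in the dashboard.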
