I decided to cover this issue because it just happened to us, and I didn’t manage to find out a solution on the net.
This article is for those that have a Let’s Encrypt certificate installed on their web host – which gets renewed automatically – and also use Cloudflare.
Why we ended up using Cloudflare
Fortunately, every time I contacted them, they whitelisted the IPs.
But, one day, they refused to whitelist a range of IPs for security reasons, saying:
I relayed your request to our sys admins and unfortunately, we will not be able to execute it as this will cause a very large security risk for the server.
I didn’t bother to find a solution, since this happened quite often, and our security plugin, iThemes Security, was often blocking MaxCDN IPs too, so it was becoming quite annoying.
Don’t get me wrong, MaxCDN is great, and it’s basically not their fault. They could, maybe, acquire better IPs or something, but I really don’t know how it works, since it’s not my area of expertise.
So, we still wanted a CDN, because it does help with a site’s performance and loading time.
We decided to give Cloudflare a try, so we set it up at the end of February, 2018.
Cloudflare works differently from MaxCDN, and it also offers some extra stuff besides CDN, such as caching, DDoS protection, and other useful features.
You can see here a comparison between MaxCDN and Cloudflare, and what they offer.
Now let’s get to the important part.
Why isn’t the Let’s Encrypt certificate not auto renewing itself anymore
Since you are reading this topic, I assume you already have Cloudflare set up and a Let’s Encrypt certificate installed, and know what they are, and so on, so I won’t go into those details.
When you set up Cloudflare, you’ll have to point your domain name servers (DNS) to them.
By doing this, your Let’s Encrypt certificate will stop renewing automatically, since the DNS are not pointing to your web host anymore.
So you’ll eventually wake up with an email, like we did, saying:
Since this is the first time we’re using Cloudflare, and everything’s new to us, I contacted SiteGround’s support in order to ask them what’s the proper thing to do in this case.
Fortunately, the solution is quite simple, and I’ll share it with you below.
How to renew the Let’s Encrypt certificate if you’re using Cloudflare
Theoretically, this should work for everyone, not just for those that use SiteGround or WordPress.
In order to allow the Let’s Encrypt certificate to automatically renew itself, you’ll have to temporarily deactivate Cloudflare, which shouldn’t lead to any downtime or issues.
To deactivate Cloudflare:
- Log in to your Cloudflare account;
- Select the Overview tab;
- Click the Advanced link;
- Click the Pause button.
Now give it a couple of minutes for the Let’s encrypt certificate renewal to take place.
How to check if the Let’s Encrypt certificate has been renewed
In order to check if the Let’s Encrypt certificate has been renewed, so you can activate Cloudflare again, go to SSL Hopper and add your domain there.
I used letsencrypt.org as an example.
First of all, if you used SSL Hopper before, make sure you are not viewing a cached results. In order to see uncached results, click the “clicking here” link.
Then check the Issuer, which should be Let’s Encrypt, and the expiration time, which shouldn’t be more than 90 days, since a Let’s Encrypt certificate is valid for 90 days.
On SiteGround, and perhaps other web hosts as well, the Let’s Encrypt certificate automatically renews 30 days before the expiration, so they don’t wait for the whole 90 days.
It shouldn’t show very few days as well, because it means it didn’t renew and you’ll have to wait a bit more.
For example, when we received the email, we had 19 days left until expiration. If I would have checked with SSL Hopper, and it would have returned 19 days until expiration, it would have meant that the renewal didn’t take place.
After I deactivated Cloudflare, and the certificate renewed, we got 72 days until expiration date. Pretty random, but…
Why is it important to have SSL set up on both web host and Cloudflare
Cloudflare doesn’t offer end to end encryption by default, which means that the traffic from Cloudflare to the end users of your website will be encrypted, but not from Cloudflare to your web host.
Therefore, it’s strongly recommended that you use an SSL certificate – Let’s Encrypt certificate, in our case – on your web host as well, so that the traffic from Cloudflare to your web host will also be encrypted.
That’s a wrap
Hope the post was comprehensive and helped you to renew your Let’s Encrypt certificate while using Cloudflare.
Don’t forget to share to help out others!
If you have questions or thoughts, or need help, drop a comment, contact us, or message us on Facebook.
If you want to start your own WordPress blog, or need a website for your business, our WordPress installation service is at your disposal!