BuyPass Certificates

I close my server to access from the outside world, allowing access only from Cloudflare IPs. This works well; however, it causes a couple of issues related to Let's Encrypt certificates.

BuyPass is an alternative CA; they publish their origin IP addresses, which fits my tradition of trusting as few remote hosts as possible, and they are supported by acme.sh and certbot.

Is there a way to use BuyPass (or an alternative CA with published host IP addresses) with Hestia?

These are easily resolved in your Cloudflare Configuration. I find it helpful to create a Page Rule for the following:

Allow ACME challenge
*example.com/.well-known/acme-challenge/*

Disable Security
SSL: Off
Cache Level: Bypass
Disable Performance

I use the new Configuration Rules and Cache Rules in Cloudflare instead of a Page Rule, but I didn’t have an example handy to share right now.

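The three Page Rule settings in the post above (SSL Off, security disabled, Cache Level Bypass) each correspond to something that can be checked on the response Cloudflare serves for the challenge path. The helper below is an added illustration, not code from this thread or from Hestia; the `Response` class, `check_acme_path` and `RULE_EXPRESSION` are all hypothetical names, and `cf-mitigated` is assumed to be the header Cloudflare adds when it serves a challenge page.

```python
"""Sanity-check the HTTP-01 challenge path as seen through Cloudflare.

Hypothetical helper: models the Page Rule settings from the post as checks
on the final response (after redirects) for a challenge URL.
"""
from dataclasses import dataclass, field

ACME_PREFIX = "/.well-known/acme-challenge/"

# Rules-language filter equivalent to the wildcard Page Rule, for use in a
# Configuration Rule or Cache Rule (assumption about the expression syntax).
RULE_EXPRESSION = f'(starts_with(http.request.uri.path, "{ACME_PREFIX}"))'


@dataclass
class Response:
    """Minimal view of the response that finally answered the request."""
    url: str                      # URL after following any redirects
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def challenge_url(host: str, token: str) -> str:
    """HTTP-01 validators always fetch over plain HTTP on port 80."""
    return f"http://{host}{ACME_PREFIX}{token}"


def check_acme_path(resp: Response, expected_body: str) -> list:
    """Return a list of problems; an empty list means validation would pass."""
    problems = []
    h = {k.lower(): v for k, v in resp.headers.items()}
    # 'SSL: Off' -> the validator must not be bounced to HTTPS.
    if resp.url.startswith("https://"):
        problems.append("redirected to HTTPS; HTTP-01 expects plain HTTP")
    # 'Disable Security' -> no WAF block, managed challenge or rate limit.
    if resp.status in (403, 429, 503) or "cf-mitigated" in h:
        problems.append(f"blocked by edge security (status {resp.status})")
    elif resp.status != 200:
        problems.append(f"unexpected status {resp.status}")
    # 'Cache Level: Bypass' -> a cached (possibly stale) token must not be served.
    if h.get("cf-cache-status", "").upper() in ("HIT", "STALE", "REVALIDATED"):
        problems.append("served from Cloudflare cache; set Cache Level: Bypass")
    # The body must be exactly the key authorization for this token.
    if resp.status == 200 and resp.body.strip() != expected_body:
        problems.append("body does not match the expected key authorization")
    return problems
```

Feed it the real response captured with curl (or urllib) for a test token you placed in the webroot; the expected body is the ACME key authorization, i.e. `token + "." + account thumbprint`.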

I tried it, but it was not an easy URL replacement …

Thank you.

Another example of poor design choices made by this industry; in this case, why doesn’t BuyPass follow the leader and use the same standards established by LE, and why doesn’t LE publish their server addresses and/or ASN? URGH.

Let’s Encrypt doesn’t have an ASN to publish. They explain the IPs on their main website. Be sure to follow the link in that FAQ entry for more detail.

They may have a good reason, but it doesn’t help me :)

BTW: I am delighted you shared your Page Rule; it qualifies as the most useful tip I have received in the last 30 days. Thank you!


@linkp we have a couple clients who insist on using Wix.
Do you think adding a Forwarding URL setting (to mail.example.com) would solve the use case where we want certs for IMAP/POP3/SMTP?

I am not following the configuration in your Wix scenario, but it should probably be its own topic as it seems unrelated to this one.

When connecting to IMAP on port 993, Dovecot needs a certificate; in this example, we’ll assume a Let’s Encrypt certificate.

Using your magic we can get that cert for the website and share it with Dovecot; however, we have clients that use another provider for their website, and I was curious if your magic works in this case. I may, however it seems you haven’t tested it.
