Error: Let’s Encrypt SSL creation failed
The quick and dirty method to get your Let’s Encrypt on the HestiaCP server is to pause Cloudflare long enough to get the certificate issued. You will run into problems come renewal time, although you won’t notice until the certificate on your server expires.
The long-term solution to that is to ensure that you don’t have any Cloudflare settings that interfere with the ACME HTTP-01 challenge. The Always Use HTTPS option can have undesired effects.
Another method to consider is to install a Cloudflare Origin CA certificate. This does require that you keep the Cloudflare proxy active and will not work for FTPS or SMTP.
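A pre-renewal check for the HTTP-01 interference mentioned above, as an added example that is not part of the original post: it requests a test file under the ACME challenge path over plain HTTP, without following redirects, and reports what the Cloudflare edge returned. The domain, the token name `precheck`, the file content `precheck-ok` and the function names are assumptions; you would place the test file on the origin yourself.

```python
import http.client

ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 path (RFC 8555)

def classify(status, headers, body, expected):
    """Classify one plain-HTTP response to a probe of the HTTP-01 path."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("cf-mitigated", "").lower() == "challenge":
        return "cloudflare-challenge"   # visitor challenge served, not the file
    if status in (301, 302, 303, 307, 308):
        if h.get("location", "").lower().startswith("https://"):
            return "redirect-https"     # fetch continues over HTTPS; that URL must work too
        return "redirect-other"
    if status == 200:
        return "ok" if body.strip() == expected else "wrong-body"
    return "http-%d" % status

def probe(domain, token, expected, timeout=10):
    """Fetch the test file over port 80 without following redirects."""
    conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token, headers={"User-Agent": "http01-precheck"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return classify(resp.status, dict(resp.getheaders()), body, expected)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real site).
SAMPLES = [
    (200, {"Content-Type": "text/plain"}, "precheck-ok\n"),
    (301, {"Location": "https://example.com/.well-known/acme-challenge/precheck"}, ""),
    (403, {"cf-mitigated": "challenge"}, "<html>...</html>"),
    (200, {"Content-Type": "text/html"}, "<html>parked</html>"),
]

def classify_samples():
    return [classify(s, h, b, "precheck-ok") for s, h, b in SAMPLES]

if __name__ == "__main__":
    for result in classify_samples():
        print(result)
    # Live check (hypothetical domain and token; place the file yourself first):
    # print(probe("example.com", "precheck", "precheck-ok"))
```

Run it on a schedule well before the certificate's expiry so that anything other than `ok` is noticed while the current certificate is still valid.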
Proxy works for FTPS or SMTP as well, for me.
It cannot. The Cloudflare proxy only supports HTTP and HTTPS unless you are subscribed to Spectrum with an Enterprise agreement. Additionally, the Cloudflare Origin CA is not a publicly trusted CA, which makes it useless for direct connections, which was my original point.
I see, I understand how to work and I don’t know the solution, sorry. If you need help, use TeamViewer or Zoom or AnyDesk, which is fine to pay once.
Here are the Cloudflare settings that I recommend.