When I try to get the certificate “Let’s Encrypt” I get an error.
I am using Cloudflare. Proxy and SSL/TLS encryption mode is disabled. I use nginx + php-fpm as a web server. Hestia Control Panel v1.7.3, Ubuntu 22.04.2 LTS. Here is what I found in the logs.
nginx: configuration file /etc/nginx/nginx.conf test is successful
Let’s Debug:
Test result for my-domain.com using http-01
You cannot disable IPv6 when using the Cloudflare proxy. Traffic from Cloudflare to the origin server will (surprisingly) always prefer IPv4 when both an A and AAAA record have been created in Cloudflare DNS. Since Hestia CP does not currently support IPv6, there is no reason to add a AAAA record to Cloudflare DNS. When proxied, a AAAA record will still be published, but traffic to the origin will use IPv4.
This is the secret. When using ACME HTTP-01 challenges, it is important to configure Cloudflare to not interfere with the challenge. I exclude the .well-known/acme-challenge path from HTTPS and caching. I really need to author a comprehensive guide that I can just link to.
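An added example, not part of either post above: a small check for the two things the reply says to keep away from the challenge path, an HTTPS redirect and caching, judged from the response a plain-HTTP request to `/.well-known/acme-challenge/` receives. The function names, the `probe` token, the sample responses and the set of `CF-Cache-Status` values treated as "cached" are assumptions made for this illustration.

```python
import http.client

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Assumption: these CF-Cache-Status values mean the body came from Cloudflare's cache.
CACHED_STATES = {"HIT", "STALE", "REVALIDATED", "UPDATING"}


def diagnose(status, headers):
    """List the ways a plain-HTTP challenge response was redirected or cached."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if status in (301, 302, 303, 307, 308):
        target = h.get("location", "")
        if target.lower().startswith("https://"):
            findings.append("redirected to HTTPS")
        else:
            findings.append("redirected to " + (target or "unknown location"))
    if h.get("cf-cache-status", "").upper() in CACHED_STATES:
        findings.append("served from Cloudflare cache")
    return findings


def fetch(host, token="probe"):
    """GET the challenge URL over port 80; http.client does not follow redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


# Constructed sample responses (not captured from the poster's server).
SAMPLES = {
    "clean": (200, {"CF-Cache-Status": "DYNAMIC", "Content-Type": "text/plain"}),
    "forced_https": (301, {"Location": "https://my-domain.com/.well-known/acme-challenge/probe"}),
    "cached": (200, {"CF-Cache-Status": "HIT", "Age": "120"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(name, status, diagnose(status, headers) or "ok")
    # Live check against your own domain: print(diagnose(*fetch("my-domain.com")))
```

An empty list means the response shows neither condition; it does not by itself prove the certificate request will succeed.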