When I try to get the “Let’s Encrypt” certificate I get an error.
I am using Cloudflare. Proxy and SSL/TLS encryption mode is disabled. I use nginx + php-fpm as a web server. Hestia Control Panel v1.7.3, Ubuntu 22.04.2 LTS. Here is what I found in the logs.
nginx
nginx: configuration file /etc/nginx/nginx.conf test is successful
Let’s Debug:
Test result for my-domain.com using http-01
All OK!
OK
Thanks for the help. I delved into the topic and learned a lot about certificates. The problem was the error related to incorrectly specified DNS for www.
You cannot disable IPv6 when using the Cloudflare proxy. Traffic from Cloudflare to the origin server will (surprisingly) always prefer IPv4 when both an A and AAAA record have been created in Cloudflare DNS. Since Hestia CP does not currently support IPv6, there is no reason to add a AAAA record to Cloudflare DNS. When proxied, a AAAA record will still be published, but traffic to the origin will use IPv4.
This is the secret. When using ACME HTTP-01 challenges, it is important to configure Cloudflare to not interfere with the challenge. I exclude the .well-known/acme-challenge path from HTTPS and caching. I really need to author a comprehensive guide that I can just link to.
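Added example, not part of the posts above: a Python pre-flight check for the exclusion described in the last reply. It requests the challenge path over plain HTTP without following redirects and flags a redirect to HTTPS or a response served from Cloudflare's cache. The probe token, the example.com hostnames, the sample responses and the set of cache states treated as "cached" are assumptions made for this example.

```python
import http.client

ACME_PREFIX = "/.well-known/acme-challenge/"
# cf-cache-status values that mean the edge answered from cache (assumed grouping).
CACHED_STATES = {"HIT", "STALE", "REVALIDATED", "UPDATING"}

def evaluate_probe(status, headers):
    """Return findings for one HTTP response to a challenge-path probe."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # The reply excludes this path from HTTPS, so a forced upgrade is a finding.
    if 300 <= status < 400 and h.get("location", "").lower().startswith("https://"):
        findings.append("redirected-to-https")
    # The reply excludes this path from caching, so a cache hit is a finding.
    if h.get("cf-cache-status", "").upper() in CACHED_STATES:
        findings.append("served-from-cache")
    return findings

def probe(host, token="preflight-probe", timeout=10):
    """Fetch the challenge path on port 80; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token, headers={"User-Agent": "acme-preflight"})
        resp = conn.getresponse()
        return evaluate_probe(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()

def report(responses):
    """Map each certificate name to its findings; check the apex and www separately."""
    return {host: evaluate_probe(status, hdrs) for host, (status, hdrs) in responses.items()}

# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "example.com": (404, {"CF-Cache-Status": "DYNAMIC"}),
    "www.example.com": (301, {
        "Location": "https://www.example.com" + ACME_PREFIX + "preflight-probe",
        "CF-Cache-Status": "HIT",
    }),
}

if __name__ == "__main__":
    for host, findings in report(SAMPLE).items():
        print(host, "->", findings or "no interference detected")
```

Call `probe("your-domain")` for every name on the certificate before requesting it; a 404 with no findings is the expected result for a random token.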