LetsEncrypt SSL Doesn't Renew with Cloudflare Enabled

For some reason auto SSL renewal fails when my site is on Cloudflare Full.

Error when trying to renew manually from panel:
Error: Let’s Encrypt validation status 400 (sub.domain.com). Details: 403:“During secondary validation: 2606:4700:3035::ac43:ddda: Invalid response from http://sub.domain.com/.well-known/acme-challenge/6FszQ0kGlB-UV89Y_-DW0oNBdkPnhTTElM-UOehGhe4: 403”

I tried disabling Cloudflare from the subdomain temporarily and it renewed successfully.

Is Hestia unable to fetch a LetsEncrypt SSL if Cloudflare FULL is enabled?

Welcome to the HestiaCP forum.

First, please use Full (strict) instead of simply Full. More than likely you have configured Cloudflare in a way that disturbs the ACME HTTP-01 challenge. You may want to consider reviewing the following settings that I use with Cloudflare and Let’s Encrypt.

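A pre-flight check for the situation the reply describes, added here as an illustration and not code from HestiaCP, Cloudflare or the forum posters. The HTTP-01 challenge only succeeds if a file placed under `/.well-known/acme-challenge/` in the webroot is served back verbatim over plain HTTP on the public hostname, so the script drops a random token there, fetches it the way the CA would (without following redirects) and reports whether the edge answered with the file, a 403 (the symptom in the question), a redirect, or something else. The hostname, the webroot path and the use of the `cf-ray` / `Server: cloudflare` headers to recognise a Cloudflare-served response are assumptions for the example.

```python
"""Pre-flight check for an ACME HTTP-01 challenge path behind Cloudflare.

Added example (not HestiaCP/Cloudflare code). Writes a random token under the
assumed webroot, fetches it through the public hostname over plain HTTP without
following redirects, then classifies the answer so a 403 from the edge is
distinguished from a working origin.
"""
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them (the CA follows some, but
    a redirect before the challenge path is still worth seeing)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, timeout=10):
    """GET `url` and return (status, headers, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "acme-preflight/0.1"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers), e.read().decode("utf-8", "replace")


def classify(status, headers, body, expected):
    """Map one fetch of the challenge URL to a short verdict.

    status   - HTTP status code
    headers  - response headers (looked up case-insensitively)
    body     - response body as text
    expected - the token content that was written into the webroot
    """
    h = {k.lower(): v for k, v in headers.items()}
    # Assumption: Cloudflare-served responses carry cf-ray and/or Server: cloudflare.
    via_cloudflare = "cf-ray" in h or h.get("server", "").lower() == "cloudflare"
    if status == 200 and body.strip() == expected:
        return "ok-via-cloudflare" if via_cloudflare else "ok"
    if status == 403 and via_cloudflare:
        return "blocked-by-cloudflare"  # a WAF/firewall/bot rule stopped it at the edge
    if status in (301, 302, 307, 308):
        return "redirected"  # e.g. forced HTTPS applied before the challenge path
    if status == 200:
        return "wrong-content"  # cached or error page answered 200 instead of the token
    return f"unexpected-{status}"


def preflight(hostname, webroot, fetcher=fetch):
    """Place a token in `webroot`, fetch it via `hostname` over HTTP, classify, clean up."""
    token = secrets.token_urlsafe(32)
    content = secrets.token_urlsafe(32)
    path = Path(webroot) / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content)
    try:
        status, headers, body = fetcher(f"http://{hostname}/{CHALLENGE_DIR}/{token}")
        return classify(status, headers, body, content)
    finally:
        path.unlink(missing_ok=True)


if __name__ == "__main__":
    import sys
    # Usage (assumed paths): python3 acme_preflight.py sub.domain.com /home/user/web/sub.domain.com/public_html
    print(preflight(sys.argv[1], sys.argv[2]))
```

Run it on the Hestia host with the domain's document root before asking the panel to renew: `blocked-by-cloudflare` means the request never reached the origin and the fix is on the Cloudflare side (a rule that exempts `/.well-known/acme-challenge/*`), while `ok` through the proxy means the challenge path itself is fine and the renewal failure lies elsewhere.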