Sudden "Error during automated certificate renewal for {domain}" for ALL Cloudflare domains

TechDaddies

Out of nowhere, we started getting this error for each and every hosted domain that is proxied through Cloudflare. I'm not sure what updates we may have made when this started happening, but it's impacting all of the Cloudflare-proxied domains.

Is DA just checking the A records of the domains to see if they're pointed at the server and then just not doing SSL renewal if it doesn't match the server? If so, is there a way to disable this feature so that it attempts it regardless of DNS?
 
Bump. Still haven't figured out what's going on and why suddenly all Let's Encrypt renewals are failing.
 
As an update to this issue, here is what the error message says for every domain, every single day (the obvious placeholder {domain} is used here to anonymize):

{domain} was skipped due to unreachable {domain}/.well-known/acme-challenge/ file.
{domain} was skipped due to unreachable {domain}/.well-known/acme-challenge/ file.
No domains pointing to this server to generate the certificate for.

So then I logged in to {domain}'s DA account and went to the SSL section and told it to renew the Let's Encrypt certificate, and it went through just fine. Continued to do this with several other "failing" domains and each succeeded without issue.

This seems like some sort of bug to me. It started happening out of nowhere, is affecting hundreds of domains on our system, and manually logging in to the account and renewing solves the issue. @smtalk or @fln or anyone at DA, can you advise?
 
Don't know. Cloudflare does this?

Or look, search for the Cloudflare setting you have to do for SSL and DNS there.

 
I don't understand what you're saying. We have *NEVER* had this issue before. Suddenly overnight, all domains are failing to renew their certs.

I also just noticed that when manually renewing, it was skipping the root domain and www subdomain, and only issuing certificates for the mail, pop, smtp subdomains.

Changing the SSL setting at Cloudflare to Flexible allows the renewal to go through, but that obviously isn't a long term solution.
 
Were you able to fix this? I'm having the same issue, same scenario (Cloudflare used as DNS server).
 
No. We've just been manually renewing the domains as the failures come through, and hope that the auto renewal goes through next time it's due.
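
To see what an automated check of the /.well-known/acme-challenge/ path gets back for a proxied domain, the following added example (not part of the thread and not DirectAdmin's code) fetches a probe file over plain HTTP without following redirects and classifies the response. It assumes a file with known content has been placed in the domain's challenge directory; the file name, function names and sample responses are hypothetical.

```python
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it

def classify(status, headers, body, expected):
    """Explain one probe response. `headers` is a dict with lower-case keys."""
    via_cf = headers.get("server", "").lower() == "cloudflare" or "cf-ray" in headers
    where = "via Cloudflare" if via_cf else "direct from origin"
    if status == 200 and body.strip() == expected:
        return f"reachable ({where})"
    if status == 200:
        return f"wrong content ({where}): another page is served for the challenge path"
    if 300 <= status < 400:
        return f"redirect ({where}) to {headers.get('location', '?')}"
    if via_cf and 520 <= status <= 527:
        # 52x codes are generated by Cloudflare when its request to the origin fails
        return f"Cloudflare-to-origin error (HTTP {status})"
    return f"unreachable ({where}): HTTP {status}"

def probe(domain, name, expected, timeout=10):
    """Fetch http://<domain>/.well-known/acme-challenge/<name> and classify it."""
    url = f"http://{domain}{CHALLENGE_PATH}{name}"
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, hdrs, body = resp.status, resp.headers, resp.read(4096)
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx all land here
        status, hdrs, body = err.code, err.headers, b""
    except OSError as err:  # DNS failure, refused connection, timeout
        return f"unreachable: {err}"
    headers = {k.lower(): v for k, v in hdrs.items()}
    return classify(status, headers, body.decode("utf-8", "replace"), expected)

if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    samples = [
        (200, {"server": "cloudflare", "cf-ray": "constructed"}, "probe-ok\n"),
        (301, {"server": "cloudflare", "location": "https://example.test/"}, ""),
        (526, {"server": "cloudflare"}, ""),
    ]
    for status, headers, body in samples:
        print(status, "->", classify(status, headers, body, "probe-ok"))
```

Running `probe()` for a failing domain once with the Cloudflare SSL mode that fails and once with Flexible shows which response differs between the two settings.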
 