Introduction
When using both CloudFlare and AutoSSL via Sectigo, users commonly receive the following error:
"Local HTTP DCV error (domain.com): The content "<html> <head><title>301
Moved Permanently</title></head> <body> <center><h1>301 Moved Permanently
</h1></center> <hr><center> …" of the DCV (Domain Control Validation) file,
as accessed at
"https://domain.com/.well-known/pki-validation/69B2BC6319C8DE110EC2596BFCA07878.txt"
and redirected from
"http://domain.com/.well-known/pki-validation/69B2BC6319C8DE110EC2596BFCA07878.txt",
did not match the expected value."
This is because Sectigo does not support following redirects.
Procedure
To use CloudFlare, the domain's DNS must be pointed at the CloudFlare nameservers, which prevents the domain from using DNS-based Domain Control Validation (DCV).
What is the difference between HTTP DCV and DNS DCV?
Because only HTTP DCV can be used, resolving this error requires disabling "Always Use HTTPS" in Cloudflare.
To find and adjust this option:
- Log into your CloudFlare account.
- Once logged in, you will be presented with a list of your CloudFlare-managed domains. Find the domain in question and click on it.
- Click the dropdown next to "SSL/TLS" and select "Edge Certificates."
- Scroll down to "Always Use HTTPS" and ensure it is disabled.
CloudFlare has more information on their redirection methods available in their documentation:
Enforce HTTPS connections | CloudFlare Docs
If you would like to use CloudFlare's HTTPS redirections, you should consider reviewing our guidance on what to avoid redirecting:
How does WHM allow AutoSSL DCV check to complete when using HTTPS redirects?
This information could be applied to the "Dynamic Redirects" feature of CloudFlare, redirecting everything other than the ".well-known" directory to HTTPS, similar to how this guide from CloudFlare only redirects the admin area of a site:
Redirect admin area requests to HTTPS | Example rules - Redirects (CloudFlare Docs)
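To confirm the change took effect, whether you disabled "Always Use HTTPS" or exempted ".well-known" from a redirect rule, the following added example (not part of the original article or of cPanel's tooling) sends one plain-HTTP request without following redirects and reports whether the DCV path is still redirected. The probe file name and User-Agent are constructed placeholders.

```python
import http.client
import sys

# Directory taken from the error message; the file name is a constructed
# placeholder, because the real name is generated for each validation.
DCV_PATH = "/.well-known/pki-validation/dcv-precheck-placeholder.txt"


def probe(host, port=80, path=DCV_PATH, timeout=10):
    """Send one plain-HTTP GET; return (status, Location header or None).

    http.client never follows redirects, so this sees what a validator
    that does not follow redirects sees.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "dcv-precheck"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def verdict(status, location):
    """Classify one response for HTTP DCV purposes."""
    if 300 <= status < 400:
        scheme = (location or "").split(":", 1)[0].lower()
        kind = "HTTPS upgrade" if scheme == "https" else "redirect"
        return "FAIL", f"{status} {kind} to {location}; DCV content will not match"
    if status in (200, 404):
        # 404 is expected for the placeholder name: the request was answered
        # rather than redirected.
        return "OK", f"{status} returned without a redirect"
    return "CHECK", f"unexpected status {status}; inspect firewall or WAF rules"


def check(host, port=80):
    """Probe the DCV path on host and return (result, detail)."""
    return verdict(*probe(host, port))


if __name__ == "__main__":
    result, detail = check(sys.argv[1])
    print(result, detail)
    sys.exit(0 if result == "OK" else 1)
```

Pass the proxied domain name as the only argument; an exit status of 0 means the DCV path was answered without a redirect.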
You can also install SSL certificates via Let's Encrypt, as Let's Encrypt allows for redirections. More on installing Let's Encrypt can be found here: