Auto SSL Let's Encrypt
As I understand it, there are two methods that Let's Encrypt and WHM use to verify a domain:
1) HTTP-based DCV (Default)
- How it works:
  - WHM creates a temporary file in the website folder http://yourdomain.com/.well-known/acme-challenge/
  - Let's Encrypt tries to access that file via HTTP (http://yourdomain.com/.well-known/acme-challenge/...).
  - If it can access the file, the domain is verified.
- Issues with Cloudflare:
  - If Cloudflare’s proxy (orange cloud ☁️) is enabled, it can block or interfere with HTTP validation.
  - Can be solved by setting up a Page Rule in Cloudflare to allow /.well-known/acme-challenge/*.
2) DNS-based DCV (ACME DNS Challenge)
- How it works:
  - WHM creates a temporary TXT record in the WHM DNS zone (_acme-challenge.yourdomain.com) with a token.
  - Let’s Encrypt checks if the TXT record exists and matches the expected value.
  - If successful, the domain is verified.
- Issues with Cloudflare:
  - If Cloudflare manages your DNS, you must manually update the TXT record each time the token changes.
  - Or disable Cloudflare temporarily to allow Auto SSL to run without impediment.
Since I use Cloudflare, I would prefer to be able to force the use of option 1) HTTP-based DCV method.
Is there a way to be able to specify this in the WHM Let's Encrypt settings? If so, how? If not, why not?
I was not able to see anything in the DCV Methods Auto SSL options page.
-
Hey there! No, there isn't a way to specifically force one or another.
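Added example, not part of the original thread and not cPanel or Let's Encrypt code: a sketch of what each of the two validation methods described in the question expects, following RFC 8555, so a failed check can be told apart (request blocked, wrong content served, stale TXT record). The function names, token and thumbprint values are hypothetical and constructed for illustration.

```python
import base64
import hashlib

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def key_authorization(token, thumbprint):
    """RFC 8555 section 8.1: the token, a dot, then the account key thumbprint."""
    return f"{token}.{thumbprint}"

def dns01_txt_value(key_auth):
    """Value expected in the _acme-challenge TXT record (RFC 8555 section 8.4)."""
    digest = hashlib.sha256(key_auth.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def check_http01(status, body, key_auth):
    """Judge a response fetched from CHALLENGE_PATH + token as a validator would."""
    if status != 200:
        return False, f"status {status}: request did not reach the challenge file"
    if body.rstrip() != key_auth:  # trailing whitespace in the body is tolerated
        return False, "body mismatch: something other than the challenge file was served"
    return True, "ok"

def check_dns01(txt_records, key_auth):
    """Judge the TXT records published at _acme-challenge.<domain>."""
    if not txt_records:
        return False, "no TXT record published"
    if dns01_txt_value(key_auth) not in txt_records:
        return False, "TXT record present but stale or wrong"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values, not real ACME data.
    thumb = "constructed-account-thumbprint"
    old = key_authorization("constructed-token-1", thumb)
    new = key_authorization("constructed-token-2", thumb)
    print(check_http01(200, new + "\n", new))                   # file served as-is
    print(check_http01(403, "<html>blocked</html>", new))       # proxy refused the request
    print(check_http01(200, "<html>interstitial</html>", new))  # proxy served its own page
    print(check_dns01([dns01_txt_value(old)], new))             # record from a previous token
    print(check_dns01([dns01_txt_value(new)], new))             # record matches current token
```

Because the TXT value is a hash over the token, a record left over from an earlier run never satisfies a new challenge, which is why a DNS zone that WHM cannot write to needs the record updated for every issuance.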