Hopefully you all can help!
I’ve been to hundreds of threads over the last few days trying to puzzle this out, with no luck.
The problem:
- Caddy v2 with ACME HTTP-01 challenge (changed from TLS-ALPN challenge)
- Cloudflare DNS with proxy ON
- All Cloudflare HTTPS is off
- This is a .co domain
Any attempt to get certificates fails with an invalid challenge response. If I try to navigate (or curl) to the challenge directly, I always get SSL validation errors, as if all the requests are trying to upgrade to HTTPS.
I’m kind of at my wit’s end here and am running out of things to try.
If I turn the Cloudflare proxy off and go back to the TLS-ALPN challenge, everything works as expected. However, I do not wish to expose myself directly and want to use the proxy.
What should I be doing?
It is easier to think of the SSL termination in legs.
If, however, you want to directly expose your service without orange cloud (running a game server on the same subdomain for example), then you’d disable the orange cloud and do Let’s Encrypt or deploy your own certificate on your reverse proxy.
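One way to lay out the two legs from the reply as Caddy v2 configuration, as an added illustration that is not part of this thread or of the Caddy project (the hostnames example.co and game.example.co, the backend address and the certificate paths are placeholders):

```caddyfile
# Added illustration, not a config from the thread or from the Caddy project.
# Placeholders: example.co / game.example.co, a backend on 127.0.0.1:8080,
# and the certificate paths under /etc/caddy/.

# Leg 1: orange cloud ON. Browsers terminate TLS at Cloudflare's edge, so
# this origin only has to satisfy the Cloudflare-to-origin leg. This mirrors
# the original poster's setup: the ACME issuer with TLS-ALPN disabled, which
# leaves the HTTP-01 challenge. The CA must then be able to fetch
# /.well-known/acme-challenge/<token> from this origin over port 80.
example.co {
	tls {
		issuer acme {
			disable_tlsalpn_challenge
		}
	}
	reverse_proxy 127.0.0.1:8080
}

# Leg 2: orange cloud OFF for a subdomain that must be exposed directly
# (the reply's game-server case). No Cloudflare in front, so the browser
# talks straight to Caddy. Let Caddy obtain a Let's Encrypt certificate with
# its default challenges (this is the TLS-ALPN path the poster said works)...
game.example.co {
	reverse_proxy 127.0.0.1:8080
}

# ...or deploy your own certificate on the reverse proxy instead. Swap this
# in for the block above; Caddy rejects two site blocks for one hostname.
#
# game.example.co {
# 	tls /etc/caddy/game.example.co.crt /etc/caddy/game.example.co.key
# 	reverse_proxy 127.0.0.1:8080
# }
```

Run `caddy validate --config Caddyfile --adapter caddyfile` before reloading to catch a hostname clash or a bad certificate path.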