LetsEncrypt through Cloudflare Proxy
# pages-help
t
Hello, I'm trying to deploy a server whose URL is proxied via Cloudflare. I can ssh to it through the tunnel, however my LetsEncrypt is failing to register. I'm unsure what the best way to allow this through is. I have added the server to a Cloudflare tunnel, added the http/s options in the Zero Trust "public hostname" entry, and added a page rule to disable SSL on the .well-known/acme-challenge route, to no avail. What else should I try? Thank you.
h
Try disabling the proxy until the certificate is issued
Though note too that there isn’t much benefit to using an LE certificate when you are already using Cloudflare
t
That means my renewal would break though right unless I manually disabled it each time?
h
You can just use the CF-provided Origin Certificate, which doesn’t require revalidation
t
I may be misunderstanding the role of Cloudflare here. It seems that using Let's Encrypt is too much work to be worth it. I have now created a tunnel, and connected my server to it (I had some problems generating a tunnel and a config; it seemed like I could only do one or the other from the UI?). I have set up an origin certificate, and set my server's NGINX to use it for SSL over localhost. I am then setting up a public hostname on the tunnel to forward to https://localhost:443, which I believe will route requests through the tunnel? However, this only gives me anything other than 503 if I enable the noTLSVerify option in the public hostname, which feels like it defeats the purpose because I don't believe I'm using the correct certs now.
What is the idiomatic way for me to use Cloudflare to expose ssh, http and https from my server?
h
HTTP & HTTPS can be handled by pointing Tunnel to `http://localhost` (note the `http`, not `https`). SSH is a bit more complex, as it requires Zero Trust to set up, but it still shouldn't be too difficult.