Issue DNS Integration for Cloudflare stop working

[tanasis]

Server operating system version

AlmaLinux 8.10

Plesk version and microupdate number

Version 18.0.62 Update #1

Hello,
DNS Integration for Cloudflare stop working.

Connection to Cloudflare is OK. I have also Update credentials.

The error is:
Could not issue/renew Let`s Encrypt certificates....



The only way to renew is to pause Cloudflare, renwew it, and then unpause Cloudflare.

Any help??

 

[Kaspar@Plesk]

Is the CloudFlare proxy enabled for the domain?

 

[tanasis]

Is the CloudFlare proxy enabled for the domain?

Yes from Cloudflare


Yes from Plesk / Cloudflare DNS plugin

 

[Kaspar@Plesk]

That only shows that the domain is synced with CloudFlare. It does not indicate show if it's peroxided.

You can expanding (open) the domain details to see if records for the domain are proxied.

 

[tanasis]

That only shows that the domain is synced with CloudFlare. It does not indicate show if it's peroxided.

You can expanding (open) the domain details to see if records for the domain are proxied.
View attachment 26697

I think it is.
Please have a look.

 

[Kaspar@Plesk]

Yes, that indicates the domain is proxied by Cloudflare.

If issuing the certificate works without using Cloudflare the request (to access the ACME validation from Let's Encrypt) probably get blocked by Cloudflare. It is best to review your domain settings on Cloudflare. But it might also be worth to check if there aren't any IP's banned from Cloudflare by fail2ban on your server.

 

[tanasis]

Yes, that indicates the domain is proxied by Cloudflare.

If issuing the certificate works without using Cloudflare the request (to access the ACME validation from Let's Encrypt) probably get blocked by Cloudflare. It is best to review your domain settings on Cloudflare. But it might also be worth to check if there aren't any IP's banned from Cloudflare by fail2ban on your server.

It is not only in one domain. This happened to all domains that I have in my server and there are in Cloudflare.

 

[tanasis]

Any other help?

 

[Kaspar@Plesk]

But it might also be worth to check if there aren't any IP's banned from Cloudflare by fail2ban on your server.

^^^

 

[tanasis]

Hello,
I'm using Imunify360 and I don't have any dropped of these IPs ( IP Ranges )
Shall I open an ticket to support ?

 

[Kaspar@Plesk]

Shall I open an ticket to support ?

That's probably best

 

[othmaqsa]

@tanasis Have you found a solution to this problem please?
Thanks.

 

[Sebahat.hadzhi]

@othmaqsa, could you please confirm if the SSL certificates that are failing have the wildcard option enabled and if auto-sync is enabled in the DNS Integration for Cloudflare extension?

 

[othmaqsa]

@othmaqsa, could you please confirm if the SSL certificates that are failing have the wildcard option enabled and if auto-sync is enabled in the DNS Integration for Cloudflare extension?

@Sebahat.hadzhi , Yes I confirm.

Can you help me to resolve this issue ?

 

[othmaqsa]

Hello,
I'm using Imunify360 and I don't have any dropped of these IPs ( IP Ranges )
Shall I open an ticket to support ?

Have you solved the issue?

 

[Sebahat.hadzhi]

Thank you for the confirmation. When the wildcard option is enabled the SSL validation occurs through an _acme-challenge TXT record. In theory, since you have auto-sync enabled, that should happen automatically. However, there is currently a known bug (EXTPLESK-5633) which prevents the synchronization of the TXT record with the Cloudflare DNS zone. Unfortunately, I cannot provide an ETA for the resolution of the bug. Please try applying the workaround from the following article:

• https://support.plesk.com/hc/en-us/...SSL-automatically-even-with-Auto-sync-enabled

 

[othmaqsa]

@Sebahat.hadzhi , thank you for your message.

Is there anyway to sync automatically the _acme-challenge TXT record when I'm using the SSL/TLS encryption mode Full Strict ?

1 site, I can do it manually, but now I have several sites and it's hard to do it manually, knowing that the this txt record expires after 3 months and I will not be notified.

Thank you!

 

[tanasis]

No, I didn’t solve th e problem.

 

[Sebahat.hadzhi]

No, unfortunately, I can't suggest an alternative for automatically updating the record on Cloudflare's end. Apart from manually updating it, what else I can suggest is switching the DNS to Plesk or using a non-wildcard certificates.
I know that people have had success following this guide in the past. However, please note that this is not an official Plesk guide, I have not tested it myself, so I cannot guarantee how well it works and that it won't lead to issues. Therefore, it should be followed at one's own risk.