
Issue DNS Integration for Cloudflare stopped working

tanasis

Regular Pleskian
Server operating system version
AlmaLinux 8.10
Plesk version and microupdate number
Version 18.0.62 Update #1
Hello,
DNS Integration for Cloudflare stopped working.

Connection to Cloudflare is OK. I have also updated the credentials.

The error is:
Could not issue/renew Let`s Encrypt certificates....

The only way to renew is to pause Cloudflare, renew it, and then unpause Cloudflare.

Any help??
 
That only shows that the domain is synced with Cloudflare. It does not show if it's proxied.

You can expand (open) the domain details to see if records for the domain are proxied.
 
Yes, that indicates the domain is proxied by Cloudflare.

If issuing the certificate works without using Cloudflare, the request (to access the ACME validation from Let's Encrypt) probably gets blocked by Cloudflare. It is best to review your domain settings on Cloudflare. But it might also be worth checking if there aren't any IPs banned from Cloudflare by fail2ban on your server.
 
It is not only in one domain. This happened to all domains that I have on my server and that are in Cloudflare.
 
@othmaqsa, could you please confirm if the SSL certificates that are failing have the wildcard option enabled and if auto-sync is enabled in the DNS Integration for Cloudflare extension?
 
Thank you for the confirmation. When the wildcard option is enabled the SSL validation occurs through an _acme-challenge TXT record. In theory, since you have auto-sync enabled, that should happen automatically. However, there is currently a known bug (EXTPLESK-5633) which prevents the synchronization of the TXT record with the Cloudflare DNS zone. Unfortunately, I cannot provide an ETA for the resolution of the bug. Please try applying the workaround from the following article:

 
@Sebahat.hadzhi, thank you for your message.

Is there any way to automatically sync the _acme-challenge TXT record when I'm using the SSL/TLS encryption mode Full Strict?

For 1 site, I can do it manually, but now I have several sites and it's hard to do it manually, knowing that this TXT record expires after 3 months and I will not be notified.

Thank you!
 
No, unfortunately, I can't suggest an alternative for automatically updating the record on Cloudflare's end. Apart from manually updating it, what else I can suggest is switching the DNS to Plesk or using non-wildcard certificates.
I know that people have had success following this guide in the past. However, please note that this is not an official Plesk guide, I have not tested it myself, so I cannot guarantee how well it works and that it won't lead to issues. Therefore, it should be followed at one's own risk.
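
For anyone updating the record by hand across several domains, a check for which zones have an _acme-challenge TXT value on the Plesk side that is missing from Cloudflare (the symptom of EXTPLESK-5633 described above). This is an added example, not part of any post in this thread and not Plesk or Cloudflare code. It assumes the Plesk DNS server answers on 127.0.0.1 and that `PUBLIC_NS` is set to one of the zone's Cloudflare nameservers; the default name below is a placeholder.

```sh
#!/bin/sh
# Added example: report domains whose _acme-challenge TXT value exists in the
# local (Plesk) zone but is absent from the public (Cloudflare) zone.
# Assumptions: LOCAL_NS is the Plesk-side DNS server; PUBLIC_NS is a placeholder
# that must be replaced with a nameserver assigned to the zone by Cloudflare.
LOCAL_NS="${LOCAL_NS:-127.0.0.1}"
PUBLIC_NS="${PUBLIC_NS:-ns.cloudflare.example}"

# query_txt NAME SERVER: print one TXT value per line with quotes stripped.
query_txt() {
    dig +short TXT "$1" "@$2" | tr -d '"'
}

# check_domain DOMAIN: return 0 if every local value is also public,
# 1 if a local value is missing publicly, 2 if there is no local record.
check_domain() {
    cd_name="_acme-challenge.$1"
    cd_local=$(query_txt "$cd_name" "$LOCAL_NS")
    cd_public=$(query_txt "$cd_name" "$PUBLIC_NS")
    if [ -z "$cd_local" ]; then
        echo "$1: no _acme-challenge record on $LOCAL_NS"
        return 2
    fi
    cd_missing=""
    # Exact, whole-line comparison of each local value against the public set.
    while IFS= read -r cd_value; do
        printf '%s\n' "$cd_public" | grep -Fxq -- "$cd_value" \
            || cd_missing="$cd_missing $cd_value"
    done <<EOF
$cd_local
EOF
    if [ -n "$cd_missing" ]; then
        echo "$1: OUT OF SYNC, not on $PUBLIC_NS:$cd_missing"
        return 1
    fi
    echo "$1: in sync"
    return 0
}

# Usage: PUBLIC_NS=<zone nameserver> sh check.sh domain1 domain2 ...
if [ "$#" -gt 0 ]; then
    for cd_domain in "$@"; do
        check_domain "$cd_domain" || true
    done
fi
```

Run from cron, the "OUT OF SYNC" lines give the notification that the manual process otherwise lacks.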
 