- Server operating system version: Debian 12
- Plesk version and microupdate number: Plesk Obsidian 18.0.64 Update 1
Hey, maybe there is some help out there with my Cloudflare DNS/SSL setup.
I have some issues with Let's Encrypt certs while using a domain with Cloudflare and its proxy function, and I am looking for a way to solve this issue:
I've set up an NS with "_acme-challenge" and "domain name" to auto-renew the Let's Encrypt certificates with the Cloudflare DNS Extension in Plesk, which works fine.
But as soon as I enable a proxy for an A, AAAA or CNAME record, I get the "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error.
I know that the Cloudflare Client Certificate is able to protect all the web traffic with SSL, but unfortunately not e-mail traffic.
So my question:
Is it possible to use the origin Cloudflare certificate for the main domain web traffic and webmail and use the proxy there, but keep the Let's Encrypt certificate for all the e-mail traffic of the domain and not proxy this email subdomain? Will Let's Encrypt keep working/renewing itself only for the mail.xxx.xx subdomain and use the origin Cloudflare cert for all the rest?
If so, what is the right way to set this up in Plesk, with both certs, Cloudflare and Let's Encrypt, side by side?
I need to solve this problem, as I run some Nextcloud subdomains with IPv6 DNS only, and I do need the Cloudflare proxy option to get a valid IPv4 for these subdomains, as Nextcloud internal updates and app downloads are only working with an IPv4 so far. And of course I do not want to manually renew the certificates every 3 months!
Help would be nice.