For some time, I’ve hidden my nextclould behind CF zero trust. When refreshing certificates via letsencrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that letsencrypt will no longer notify me via email I need a more robust (read automated) way of refreshing certs. Do I have any options other than disabling zero trust? (the advantage would be I no longer need vpn to have the mobile app working).
Maybe you can use letsencrypt’s DNS-01 challenge. That works without an HTTP connection. But ultimately, I don’t think you need a certificate on the server, doesn’t Cloudflare tunnel the traffic (unencrypted) and terminate the HTTPS on their side?
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
selfh.st Newsletter and index of selfhosted software and apps
Maybe you can use letsencrypt’s DNS-01 challenge. That works without an HTTP connection. But ultimately, I don’t think you need a certificate on the server, doesn’t Cloudflare tunnel the traffic (unencrypted) and terminate the HTTPS on their side?
Thanks for the reply, among all answers I chose this. Just because it works for me.
It can be unencrypted, but isn’t a requirement.