I have the following problem: fresh install of Debian 10 with KeyHelp, set up domains, emails etc. I use enforce SSL & HSTS for all my domains with a Let's Encrypt certificate. DNS for the domain is run through Cloudflare to protect the server IP (no MX host needed). When the toggle in Cloudflare is set to "proxied" and the IP of the domain in dig is a Cloudflare IP, the manual Let's Encrypt generation with keyhelp-toolbox/maintenance tasks/ssl FAILS, saying that the domain is not locally resolvable. If I deactivate the proxied setting in Cloudflare (and with a dig you can see the real server IP), the generation of certificates works without a problem. The first time, I thought maybe I had done something wrong while setting the domains up, so I re-installed the server, but the same error appears. This is very frustrating; one of the main reasons I use Cloudflare is for protecting the server's real IP with their services. I know that this is somewhat not the KeyHelp developers' problem, since the panel works great without Cloudflare; however, maybe somebody knows a solution to make it work behind the Cloudflare proxy.
I tried setting the Cloudflare servers as NS servers in the DNS settings of each domain - it doesn't work.
I also tried to completely disable the DNS zone for the domain; that also doesn't work.
No idea what to try next, any help would be appreciated.
[24-Aug-2021 01:48:04] INFO --> Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[24-Aug-2021 01:48:05] INFO --> Start certificate generation.
[24-Aug-2021 01:48:05] INFO --> Token stored at: /home/keyhelp/www/.well-known/acme-challenge/local-check-612425a5863c23.10016847
[24-Aug-2021 01:48:05] INFO --> URL: http://www.domain.com/.well-known/acme-challenge/local-check-612425a5863c23.10016847 | HTTP code: 404 | HTTP body (first 100 chars): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title><script
[24-Aug-2021 01:48:05] ERROR --> a Let's Encrypt error occurred: Local resolving checks failed for domain "www.domain.com". Please ensure that your domain is locally resolvable!
PS: The domain name has been redacted for privacy.