For some time, I’ve hidden my Nextcloud behind CF zero trust. When refreshing certificates via Let’s Encrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that Let’s Encrypt will no longer notify me via email, I need a more robust (read: automated) way of refreshing certs. Do I have any options other than disabling zero trust? (The advantage would be that I no longer need a VPN to have the mobile app working.)
Behind a Cloudflare tunnel you can use a self-signed or expired certificate; just check the “no TLS verify” checkbox.
hendrik@palaver.p3x.de 1 month ago
Maybe you can use Let's Encrypt's DNS-01 challenge. That works without an HTTP connection. But ultimately, I don't think you need a certificate on the server anyways. Doesn't Cloudflare tunnel the traffic unencrypted?
KairuByte@lemmy.dbzer0.com 1 month ago
It can be unencrypted, but isn’t a requirement.
cctl01@feddit.nl 1 month ago
Thanks for the reply, among all answers I chose this. Just because it works for me.
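The DNS-01 suggestion from the thread, as an added example that is not part of any post: a script that issues the certificate through certbot's Cloudflare DNS plugin, so the tunnel and the Zero Trust policy never have to be disabled. Assumptions: certbot and certbot-dns-cloudflare are installed and an ACME account is already registered; the hostname, the credentials path and the `CF_API_TOKEN` variable name are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): DNS-01 issuance with certbot's
# Cloudflare DNS plugin. Validation happens through a TXT record, so no
# inbound HTTP request has to reach the server behind the tunnel.
# Placeholders: DOMAIN, CRED_FILE and the CF_API_TOKEN variable name.
set -eu

DOMAIN="${DOMAIN:-cloud.example.com}"
CRED_FILE="${CRED_FILE:-/etc/letsencrypt/cloudflare.ini}"

# Store the API token in the plugin's ini format, readable by the owner only.
# Use a token scoped to Zone:DNS:Edit on the one zone, not the global API key.
write_credentials() {  # $1 = file path, $2 = API token
    ( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$2" > "$1" )
    chmod 600 "$1"   # also tighten a file that already existed
}

# TXT record the CA looks up; a wildcard name is validated at its base domain.
challenge_record() {  # $1 = certificate name
    case "$1" in
        '*.'*) printf '_acme-challenge.%s\n' "${1#??}" ;;
        *)     printf '_acme-challenge.%s\n' "$1" ;;
    esac
}

issue_certificate() {
    write_credentials "$CRED_FILE" "$CF_API_TOKEN"
    echo "CA will query TXT $(challenge_record "$DOMAIN")"
    certbot certonly --non-interactive \
        --dns-cloudflare \
        --dns-cloudflare-credentials "$CRED_FILE" \
        --dns-cloudflare-propagation-seconds 30 \
        -d "$DOMAIN"
    # Later "certbot renew" runs (cron or systemd timer) reuse these settings.
}

# Only touch certbot when called with the argument "issue".
if [ "${1:-}" = "issue" ]; then
    issue_certificate
fi
```

Run it once with the argument `issue` and `CF_API_TOKEN` set in the environment; after that, the scheduled `certbot renew` handles renewals without any change to the tunnel.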