For some time, I’ve hidden my nextclould behind CF zero trust. When refreshing certificates via letsencrypt I would manually disable the tunnel, refresh and re-enable the tunnel. Now that letsencrypt will no longer notify me via email I need a more robust (read automated) way of refreshing certs. Do I have any options other than disabling zero trust? (the advantage would be I no longer need vpn to have the mobile app working).

  • @Moonrise2473@feddit.itEnglish
    52 days ago

    Behind a cloudflare tunnel you can use a self signed or expired certificate, just check the “no TLS verify” checkbox

    Edit: or use DNS based verification, nginx proxy manager can do it automatically using cloudflare api when behind cloudflare tunnels

    • @cctl01@feddit.nlOPEnglish
      12 days ago

      Thanks for the reply, among all answers I chose this. Just because it works for me.

          • @cctl01@feddit.nlOPEnglish
            21 day ago

            3 people independently advice dns challenge. They all deserve the same appreciation don’t they?

            • @curbstickle@lemmy.dbzer0.comEnglish
              11 day ago

              I don’t think a copy/paste answer comes across as appreciation, no.

              It comes across weird, especially on a low activity account, and seems like a bot response that got stuck.

              • @dreadbeef@lemmy.dbzer0.comEnglish
                11 day ago

                I’m just a passive observer and it’s fine. You can assume it’s a bot but that’s not on them. They seem legitimate and my assumption is maybe English isn’t their first language.

                • @curbstickle@lemmy.dbzer0.comEnglish
                  11 day ago

                  With the other comments since, yeah not a bot. Early on with the long gap, then a post and the same commen t being the only comment - yeah that looks like a bot.

                  Its not an indictment of them, just observation.