Comments (14)

jeroenops commented on May 14, 2024

Apologies for the confusion and bugs; we decided to switch the SSL/TLS stack to ACME.sh - since it's easier to maintain and is able to deal with newer functionality. There is no point in reinventing the wheel, if it's already been done in a very proper way.

However, some commands need to be rerouted and fixed. ACME.sh has a different syntax, so I'll adjust WordOps to do some magic, in order to discover whether CF is being used or whether it's a primary domain or subdomain. I'll keep you up to date.

from wordops.

demyxco commented on May 14, 2024

This doesn't work: wo site create/update site.com --le

But this works: ee site create/update site.com --le

Though of course the proxy has to be temporarily off in CF before running the command. I'd like to move all the sites to wo instead of ee but this is holding me back for now.

juanpvh commented on May 14, 2024

Did you wo update domain.ltd --le with the active Cloudflare proxy? This does not work.

willkoga commented on May 14, 2024

Hey juanpvh, it used to work on EasyEngine. Any way I can have CF + Let's Encrypt on WordOps?

juanpvh commented on May 14, 2024

You can use Let's Encrypt with Cloudflare, but the proxy must be disabled to avoid causing a conflict.
The best way to use the certificate is to use acme-cloudflare; you can use the certificate of Cloudflare itself with the proxy, using the full (strict) -Crypto option and the other Cloudflare options. See this: https://github.com/VirtuBox/ee-acme-sh

willkoga commented on May 14, 2024

@juanpvh Sorry, I didn't understand.
So basically I should use the VirtuBox script, and get the LE from there? Using the origin cert from Cloudflare? Is that it?
I think I figured out the error: Cloudflare doesn't support ECDSA bigger than 256 bits; seems like WordOps uses 364 bits.
Can you explain a little more what you mean by acme-cloudflare?
Can the VirtuBox script generate a specific 256 ECDSA? I thought that it was only 364. Always...

juanpvh commented on May 14, 2024

Acme will generate the certificate of Cloudflare itself and install it on your server. Acme will do this integration between your server and Cloudflare. The Cloudflare certificate has more validity; I like that.

willkoga commented on May 14, 2024

@manacim I tried that. Didn't work. You mean using the wo alias se, or the "real" EasyEngine script?
Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.

demyxco commented on May 14, 2024

@willkoga using the original EEv3 command works with Let's Encrypt and CloudFlare.

demyxco commented on May 14, 2024

Just did a fresh install on Debian 8, error log shows:

2018-12-24 02:38:09,972 (DEBUG) wo : Running command: /usr/local/bin/wo-acme -s example.com --standalone
2018-12-24 02:38:09,974 (DEBUG) wo : Command Output: ,
Command Error: /bin/sh: 1: /usr/local/bin/wo-acme: not found

willkoga commented on May 14, 2024

@jeroenops any news on that? I'm itching to try wordops

michacassola commented on May 14, 2024

@jeroenops Also itching. And there is no activity on the Repo :( Everything all right?

VirtuBox commented on May 14, 2024

> tried that. Didn't work. You mean using the wo alias se, or the "real" EasyEngine script?
> Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.

This is not related to ECDSA key length; I'm using 384-bit certs with Cloudflare on several sites without problem. I think it was probably due to the nginx ssl_ciphers suite, or to a missing ssl_ecdh_curve directive.

from wordops.
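
A check for the two nginx settings named in the comment above (ssl_ciphers and ssl_ecdh_curve), added here as an example; it is not code from the thread or from WordOps. The sample configs are constructed, and the rule that the curve list should name the certificate's curve is this example's assumption.

```python
import re

# OpenSSL curve names mapped to NIST names (both spellings appear in configs).
CURVES = {"prime256v1": "P-256", "secp256r1": "P-256",
          "secp384r1": "P-384", "secp521r1": "P-521"}

# Constructed sample configs, not taken from any real server.
BEFORE = """
server {
    listen 443 ssl;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL;
}
"""
AFTER = """
server {
    listen 443 ssl;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:secp384r1;
}
"""

def directives(conf):
    """Map each simple `name args;` directive to its last argument string."""
    conf = re.sub(r"#[^\n]*", "", conf)            # strip comments
    out = {}
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split(None, 1)
        if len(parts) == 2:
            out[parts[0]] = parts[1].strip().strip("'\"")
    return out

def audit(conf, cert_curve="P-384"):
    """Return findings for ssl_ciphers and ssl_ecdh_curve given an ECDSA cert."""
    d, findings = directives(conf), []
    # Enabled cipher tokens: skip "!" (kill) and "-" (remove) entries.
    enabled = [t for t in d.get("ssl_ciphers", "").split(":")
               if t and t[0] not in "!-"]
    if enabled and not any("ECDSA" in t for t in enabled):
        if all("-" in t for t in enabled):         # only explicit suite names
            findings.append("ssl_ciphers: no ECDSA suite for an ECDSA cert")
        else:                                      # keywords such as HIGH
            findings.append("ssl_ciphers: keywords only, expand to confirm")
    curves = d.get("ssl_ecdh_curve")
    if curves is None:
        findings.append("ssl_ecdh_curve: directive missing")
    elif curves != "auto":
        named = {CURVES.get(c.lower(), c) for c in curves.split(":")}
        if cert_curve not in named:                # assumption: cert curve must be listed
            findings.append(f"ssl_ecdh_curve: {cert_curve} not listed")
    return findings
```

Keyword-style cipher strings (HIGH, EECDH+AESGCM) are reported as undetermined rather than guessed; `openssl ciphers -v '<string>'` expands them to the actual suite list.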

VirtuBox commented on May 14, 2024

After running tests with the new nginx build and 384 bits ECDSA certificates with Cloudflare proxy enabled, there isn't any issue anymore.
So I'm closing this issue.
