Let’s Encrypt Wildcard SSL

If you’re not using CloudFlare, the answer for all 3 questions is yes. However, having a CDN on top of everything ads a bit of complexity. With CloudFlare, you must have wildcard LE cert for the server – CF connection and then you need to use the CF cert for the connection between the end points and visitors. Plus, you need to use www. In your case, my advice would be to go without CloudFlare for this setup unless you 100% need it. Probably, using a CDN just for resources is better option for you.

Best,
Hristo

Hi @hristo-sg

Thanks for your reply. I currently have it setup except I am not using the SG Optimizer plugin yet and I am using individual LE certs for each sub domain. In the browser it shows cloudflare certs. This is non-WWW too.

So I am happy with everything as it is now, but I am just wondering instead of using individual LE certs if I can change to one Wildcard cert?

Also I have to turn the orange cloud off to register the LE cert and then turn it back on after. Does this mean that when it comes to autorenew it will fail, or does it only need the orange cloud to be turned off the first time it is registered?

Thank you so much.
Sam

Hi @hristo-sg.

Just an update. I tried pausing cloudflare.com, but it won’t let me register the LE Wildcard Cert.

See here for the screenshot of this: https://drive.google.com/open?id=14avN5XtPCMzs49q_CppL7M42l6nXLXKT

Can I change my Nameservers to SiteGround, register the LE Wildcard and then change my Nameservers back to cloudflare?

Will the certificate still be able to renew? Or will this way cause a problem in the future?

Much appreciated,
Sam

LE does NS verification before issuing a certificate. You need to point NS records to our servers before issuing a certificate. Switching back will cause problems with the renewal for sure. We can’t reissue or renew certificates for domains not pointed to us.

Hi @hristo-sg.

Thank you for the info, its really appreciated. Could you answer 2 more questions please:

1) I assume that when you say the LE certs will not autorenew if we change the nameservers back to cloudflare, that you specifically mean the LE Wildcards. So the regular LE certs will renew even when their domain’s name server points to cloudflare.

2) If we purchase a SiteGround Wildcard SSL certificate and then change the nameservers for that domain to cloudflare, will it be able to autorenew every 12 months, or will it have the same problem?

Thanks so much,
Sam

Hi @hristo-sg,

I think this got lost. I would be very grateful if you could provide an answer so I can make a plan about what to do ??

Many thanks,
Sam

Sorry for the delayed reply.

1. I mean that every LE certificate has to be pointed to our servers for it to autorenew.
2. No, you will have the same problem.

Much Appreciated @hristo-sg, this seems to conflict with that’s actually happening though for 2 reasons.

1) We have 4 single WP sites on SiteGround using Let’s Encrypt individual certs and then connected Cloudflare and those have been autorenewing fine. Is this a recent change affecting this and will it cause them to fail in future?

2) We also think it has been working on subsites with individual let’s encrypt certs and then cloudflare, but we are not sure if they have renewed yet, we need to check at a later date.

This issue is quite confusing and we would much rather renew the ssl certificates while having our nameservers pointing to cloudflare.

Hi @hristo-sg,

I think this got lost again. I would be very grateful if this situation can be cleared up a bit more ??

Many thanks,
Sam

Please, post a ticket in your Help Desk so our support team can look into the actual configuration of your sites because it’s difficult to do it here without proper access to the site.