If you use Cloudflare with your commercebuild site, you may experience SSL certificate renewal failures that can cause your site to become inaccessible. This happens when Cloudflare's security features block our SSL certificate provider (Let's Encrypt) from verifying domain ownership.
Our system automatically renews SSL certificates every 3 months. During renewal, Let's Encrypt needs to access a specific URL on your domain: yourdomain.com/.well-known/acme-challenge/
Cloudflare's WAF (Web Application Firewall) can sometimes block these verification requests, preventing certificate renewal and causing SSL errors.
Solution
Create a Cloudflare WAF custom rule to allow SSL verification requests:
- Navigate to WAF Settings
  - Go to Security → WAF → Custom Rules in your Cloudflare dashboard
- Create Rule
  - Click "Create Rule"
  - Rule name: Allow SSL Verification
- Configure Rule
  - Field: URI Path
  - Operator: contains
  - Value: .well-known/acme-challenge
  - Action: Skip (or Allow)
- Save Rule
  - Leave rule order as "Last"
  - Click "Save"
Adding this rule ensures that future SSL certificate renewals will complete successfully without manual intervention, preventing site downtime due to SSL certificate issues.
Note: This rule specifically allows the ACME challenge path used by Let's Encrypt for domain verification while maintaining your other security settings.
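After saving the rule, it is worth confirming from outside your network that a request to the challenge path actually reaches your origin rather than a Cloudflare block or challenge page, so the problem is caught before the next three-monthly renewal. The script below is an added example, not commercebuild's or Cloudflare's code. It assumes only the Python standard library, and it probes a made-up token under the ACME path over plain HTTP (the HTTP-01 challenge Let's Encrypt uses starts on port 80). A 404 from the origin is the expected healthy answer, because the token does not exist; a 403 or 503, or any response carrying Cloudflare's `cf-mitigated` header, means Cloudflare is still intercepting the path. The `classify` helper and its verdict strings are this example's own naming, not a Cloudflare API.

```python
"""Check that Cloudflare lets ACME HTTP-01 challenge requests through to the origin.

Added example (not commercebuild's or Cloudflare's code). Standard library only.
Usage: python check_acme_path.py yourdomain.com
"""
import secrets
import sys
import urllib.error
import urllib.request

# Path Let's Encrypt requests during domain validation (from the article).
ACME_PREFIX = "/.well-known/acme-challenge/"


def classify(status, headers):
    """Turn a probe result into a verdict.

    Verdicts (example's own naming):
      "ok"                   - request reached the origin (404 is the normal answer
                               for a token that does not exist; 200 if the origin
                               answers anything under the path)
      "cloudflare-challenge" - Cloudflare answered with a challenge/block page,
                               signalled by its cf-mitigated response header
      "blocked"              - 403/429/503 without that header: still a renewal
                               failure, check Cloudflare Security Events to see
                               which rule or the origin produced it
      "unexpected"           - anything else, worth a manual look
    """
    # Header names are case-insensitive; normalise before looking them up.
    lowered = {name.lower(): value for name, value in headers.items()}
    if "cf-mitigated" in lowered:
        return "cloudflare-challenge"
    if status in (403, 429, 503):
        return "blocked"
    if status in (200, 404):
        return "ok"
    return "unexpected"


def probe(domain, token=None, timeout=10):
    """GET a random (constructed) token under the ACME path over plain HTTP.

    Returns (status_code, headers). Redirects (for example Cloudflare's
    "Always Use HTTPS") are followed, as Let's Encrypt does.
    """
    token = token or secrets.token_urlsafe(32)
    url = f"http://{domain}{ACME_PREFIX}{token}"
    request = urllib.request.Request(url, headers={"User-Agent": "acme-path-check/1.0"})
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, dict(response.headers)
    except urllib.error.HTTPError as err:
        # 4xx/5xx raise; the status and headers are still what we want to inspect.
        return err.code, dict(err.headers)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_acme_path.py yourdomain.com")
    host = sys.argv[1]
    code, hdrs = probe(host)
    print(f"{host}: HTTP {code} -> {classify(code, hdrs)}")
```

If the verdict is not "ok", open Security → Events in the Cloudflare dashboard and filter on the path; the event shows which rule acted on the request and whether the custom rule above was evaluated before it. If you prefer editing the rule's expression directly, the same match as the Field/Operator/Value form above is `http.request.uri.path contains "/.well-known/acme-challenge/"`. When choosing the Skip action, skip only the WAF components that were blocking the request rather than all security features, so the exception stays as narrow as the path it covers.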