If you use Cloudflare in front of your commercebuild site, you may experience SSL certificate renewal failures that leave the site inaccessible once the old certificate expires. This happens when Cloudflare's security features block our SSL certificate provider (Let's Encrypt) from verifying that you control the domain.
Our system automatically renews SSL certificates every 3 months. During renewal, Let's Encrypt performs an HTTP-01 challenge: it requests a token from a specific URL on your domain, yourdomain.com/.well-known/acme-challenge/<token>. When your DNS record is proxied through Cloudflare (orange cloud), that request reaches Cloudflare's edge first, not our servers.
Cloudflare's WAF (Web Application Firewall) can block or challenge this verification request. The Let's Encrypt validator does not run JavaScript or solve CAPTCHAs, so a challenge page is as fatal as a block: validation fails, the certificate is not renewed, and visitors eventually see SSL errors.
Solution
Create a Cloudflare WAF custom rule that lets the ACME challenge requests through:
- Navigate to WAF settings
  - Go to Security → WAF → Custom Rules in your Cloudflare dashboard
- Create the rule
  - Click "Create Rule"
  - Rule name: Allow SSL Verification
- Configure the rule
  - Field: URI Path
  - Operator: contains (if your dashboard offers "starts with", prefer it with the value /.well-known/acme-challenge/ so the rule cannot be triggered by that string appearing elsewhere in a URL)
  - Value: .well-known/acme-challenge
  - Action: Skip (older dashboards call this Allow). When Skip asks which products to skip, select the remaining custom rules and the WAF managed rules so that neither can block this path.
- Save the rule
  - Leave the rule order as "Last" if this is your only custom rule. If you already have custom rules that block or challenge traffic, move this rule above them: Skip only affects rules evaluated after it.
  - Click "Save"
Update (New Dashboard)
The navigation differs slightly depending on whether you are looking at the old or the new dashboard.
If you are on the new dashboard, navigate to:
- Cloudflare Dashboard → (select your site) → Security → Security Rules
- Click Create Rule > Custom Rules
- Rule name: Allow SSL Verification
- Configure the rule
  - Field: URI Path > Contains > .well-known/acme-challenge
  - Action: Skip (or Allow)
- Save the rule
  - Leave the rule order as "Last" unless another custom rule blocks or challenges traffic, in which case place this rule above it
  - Click "Deploy"
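To confirm the rule is in place before the next renewal, here is an added example (not part of the commercebuild article and not Cloudflare's or Let's Encrypt's tooling): a POSIX shell script that fetches a made-up token under /.well-known/acme-challenge/ over plain HTTP, the way the HTTP-01 check starts, and reports whether the request reached the origin or was stopped at Cloudflare's edge. It assumes curl is installed and that the domain is proxied through Cloudflare; the User-Agent is modelled on Let's Encrypt's validator (an assumption, adjust if needed) so that bot rules are exercised too, and the cf-mitigated header is what Cloudflare attaches to challenge pages. The comment at the top shows the same rule written in Cloudflare's expression editor, anchored with starts_with rather than contains.

```shell
#!/bin/sh
# Added example, not code from commercebuild or Cloudflare: probe the ACME
# HTTP-01 challenge path through Cloudflare and report what answered.
#
# The custom rule from the steps above, written as a Cloudflare expression
# (starts_with anchors the match; "contains" would also fire on a path that
# merely embeds the string somewhere):
#   (starts_with(http.request.uri.path, "/.well-known/acme-challenge/"))
#
# Assumptions: curl is installed; the site's DNS record is proxied through
# Cloudflare; the token below is made up, so the origin answering 404 is the
# expected good outcome.
set -eu

ACME_PATH="/.well-known/acme-challenge/"
# User-Agent modelled on Let's Encrypt's validator (assumed; adjust if needed).
LE_UA="Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

# classify_acme_probe STATUS CF_MITIGATED
#   STATUS       final HTTP status code
#   CF_MITIGATED value of the cf-mitigated response header ("" if absent)
# Prints a verdict; returns 0 only when the origin handled the request.
classify_acme_probe() {
  status="$1"
  mitigated="${2:-}"
  # Cloudflare marks challenge pages with cf-mitigated: challenge. An ACME
  # client never solves a challenge, so this is a failure regardless of status.
  if [ "$mitigated" = "challenge" ]; then
    echo "BLOCKED: Cloudflare served a challenge page; the rule is not matching"
    return 1
  fi
  case "$status" in
    200|404)
      echo "OK: origin answered HTTP $status (404 is expected for a made-up token)"
      return 0 ;;
    403)
      echo "BLOCKED: HTTP 403; check Security > Events for this path and the rule that fired"
      return 1 ;;
    5*)
      echo "ERROR: HTTP $status from origin or edge, not a WAF decision"
      return 1 ;;
    *)
      echo "UNEXPECTED: HTTP $status"
      return 1 ;;
  esac
}

# probe_acme_path DOMAIN
# Fetch a non-existent token over plain HTTP: HTTP-01 starts on port 80 and
# follows redirects, so -L mirrors the validator and tolerates Always Use HTTPS.
probe_acme_path() {
  domain="$1"
  token="probe-$(date +%s)"
  hdrs=$(mktemp)
  status=$(curl -sS -L -o /dev/null -D "$hdrs" -w '%{http_code}' \
    -A "$LE_UA" "http://${domain}${ACME_PATH}${token}")
  # -D records headers of every hop; keep the last cf-mitigated value seen.
  mitigated=$(awk 'tolower($1) == "cf-mitigated:" { gsub(/\r/, ""); print $2 }' "$hdrs" | tail -n 1)
  rm -f "$hdrs"
  classify_acme_probe "$status" "$mitigated"
}

if [ $# -eq 1 ]; then
  probe_acme_path "$1"
fi
```

Run it as `sh acme-probe.sh yourdomain.com`. A 404 is the expected good result: the token does not exist, but the answer came from the origin, which is exactly what Let's Encrypt needs. A 403, or any response carrying cf-mitigated: challenge, means the rule is not matching; open Security → Events in the Cloudflare dashboard, filter on the path, and look at which rule fired.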
Adding this rule ensures that future SSL certificate renewals complete without manual intervention, preventing site downtime caused by an expired certificate.
Note: This rule only exempts the ACME challenge path used by Let's Encrypt for domain verification; the rest of your security settings continue to apply to all other requests.
