Docker

I have projects on my local machine that nobody else has seen. Not because the ideas were bad, but because getting from localhost to a real URL felt like too much work. Setting up a server takes time. So does DNS, SSL, and deployment scripts. By the time it’s all done, the motivation is usually gone.

Traefik uses HTTP-01 ACME challenge by default. The way it works is: Let’s Encrypt sends a request to http://yourdomain/.well-known/acme-challenge/<token> and checks that Traefik responds with the right token. If it does, cert issued. The problem is Cloudflare. When the orange cloud proxy is on, Let’s Encrypt’s request hits Cloudflare’s servers, not your origin. Traefik placed the challenge token on the origin. Cloudflare has no idea it’s there. It returns a 404. Let’s Encrypt fails the validation. No cert.