How SSL renewals work with FlyingCDN
Two types of SSL renewals
There are two main types of SSL renewal processes: DNS-01 challenge and HTTP-01 challenge.
DNS-01 challenge
The DNS-01 challenge proves your ownership of a domain by creating a specific DNS TXT record, often named "_acme-challenge".
HTTP-01 challenge
The HTTP-01 challenge involves placing a specific file on your web server that can be accessed via HTTP. The URL will look like: http://yourdomain.com/.well-known/acme-challenge/<token>
Let's Encrypt will call this URL to validate the token. If the token is correct and the file is accessible, the validation will succeed.
SSL renewals in FlyingCDN
FlyingCDN issues wildcard SSL certificates using the DNS-01 challenge. As long as the "_acme-challenge" record for FlyingCDN is in place, the SSL certificate will renew automatically without requiring any changes from you.
SSL renewals on your hosting/server
We recommend using the HTTP-01 challenge for SSL certificates on your hosting server to avoid conflicts with FlyingCDN's SSL. FlyingCDN automatically bypasses requests for HTTP-01 (/.well-known/), allowing your server to send the correct token for the challenge.
If your SSL renewals are failing
- Ask your hosting provider to use the HTTP-01 challenge.
- Avoid using wildcard SSL certificates on your origin server.
A common misconception is that DNS should be pointed to the server IP. This is not required as long as the "_acme-challenge" record for FlyingCDN is added and the IP is pointed to FlyingCDN.
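A preflight check for both challenge paths described above, as an added example that is not FlyingCDN's own tooling. It assumes `dig` and `curl` are installed, that the record lives at `_acme-challenge.<domain>`, and that you have placed a probe file (hypothetical name and content, not a real ACME token) in `.well-known/acme-challenge/` on your origin.

```shell
#!/bin/sh
# Added example: preflight checks for DNS-01 and HTTP-01 (not FlyingCDN tooling).
# Assumes dig and curl are installed. Probe name/content are constructed values
# for a file you place yourself; they are not real ACME tokens.

# DNS-01: succeed if any TXT or CNAME record exists at _acme-challenge.<domain>.
check_dns01() {
    name="_acme-challenge.$1"
    records=$( { dig +short "$name" TXT; dig +short "$name" CNAME; } 2>/dev/null |
        grep -v '^;' | sort -u )
    [ -n "$records" ] || return 1
    printf '%s\n' "$records"
}

# HTTP-01: fetch the probe over plain HTTP, as the validator does, and compare.
# Returns 0 = probe content matched, 1 = something else answered, 2 = fetch failed.
check_http01() {
    url="http://$1/.well-known/acme-challenge/$2"
    body=$(curl -fsSL --max-time 10 "$url" 2>/dev/null) || return 2
    [ "$body" = "$3" ]
}

# Run both checks and print one line per challenge type.
# Usage: preflight example.com probe.txt probe-content
preflight() {
    status=0
    if check_dns01 "$1" >/dev/null; then
        echo "DNS-01: record present at _acme-challenge.$1"
    else
        echo "DNS-01: no record at _acme-challenge.$1"
        status=1
    fi
    rc=0
    check_http01 "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "HTTP-01: probe file was served with the expected content" ;;
        1) echo "HTTP-01: unexpected body; something other than the probe file answered"
           status=1 ;;
        *) echo "HTTP-01: fetch failed (blocked, 404, or timeout)"
           status=1 ;;
    esac
    return $status
}
```

A result of 1 from `check_http01` usually means a redirect or a cached page answered instead of the file on your server, which is the case the `/.well-known/` bypass is meant to prevent.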
Here is an example in Cloudways:
Updated on: 15/06/2024