Some of my clients set up their domain names behind CDN providers like Cloudflare, CloudFront, etc.
A regular customer domain will be like this:
- They have a unique domain set up under our CNAME that points right to the Caddy server.
- Caddy gets the request and sends it to Let's Encrypt.
- Let's Encrypt goes back to the Caddy server and can confirm the website (with HTTP validation).
CDN customers will be like this:
- CNAME record under the CDN provider.
- They get the SSL from the CDN provider.
- Every request is proxied from the CDN provider to our Caddy server.
- Caddy servers don't have the SSL for this domain, so they try to get one from Let's Encrypt.
- Let's Encrypt checks the CNAME but gets the CDN provider's server, so it can't validate the domain.
What can I do to make it work?