For some time, I’ve hidden my Nextcloud behind CF Zero Trust. When refreshing certificates via Let’s Encrypt, I would manually disable the tunnel, refresh, and re-enable the tunnel. Now that Let’s Encrypt will no longer notify me via email, I need a more robust (read: automated) way of refreshing certs. Do I have any options other than disabling Zero Trust? (The advantage would be that I no longer need a VPN to have the mobile app working.)
DNS-01 challenge with Let’s Encrypt. Or use Cloudflare Tunnel and don’t use HTTPS internally.
Thanks for the reply. Among all the answers, I chose this one, just because it works for me.
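One way to automate the DNS-01 suggestion above, as an added example that is not from the thread. It assumes certbot with the certbot-dns-cloudflare plugin, a DNS zone hosted on Cloudflare, and an API token limited to DNS edits on that zone; the domain, file path and function names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): DNS-01 issuance via certbot's
# dns-cloudflare plugin. Assumed: certbot + certbot-dns-cloudflare installed,
# zone hosted on Cloudflare. Domain and credentials path are placeholders.

# Write the plugin credentials file so only its owner can read the token.
write_cf_credentials() {
    local path="$1" token="$2"
    ( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$token" > "$path" )
    chmod 600 "$path"
}

# Succeed only if the credentials file is owner-only (600 or 400).
check_creds_mode() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Print the certbot command line for a DNS-01 issuance of one domain.
build_certbot_cmd() {
    local domain="$1" creds="$2"
    printf '%s ' certbot certonly --non-interactive \
        --dns-cloudflare --dns-cloudflare-credentials "$creds" \
        --dns-cloudflare-propagation-seconds 30 \
        -d "$domain"
}

# Run only when asked: ./issue.sh --issue cloud.example.com
# The token is read from the CF_API_TOKEN environment variable.
if [ "${1:-}" = "--issue" ]; then
    creds="/root/.secrets/cloudflare.ini"      # placeholder path
    mkdir -p "$(dirname "$creds")"
    write_cf_credentials "$creds" "${CF_API_TOKEN:?set CF_API_TOKEN}"
    check_creds_mode "$creds" || { echo "credentials file too open" >&2; exit 1; }
    # Word splitting is intended here; arguments contain no spaces.
    $(build_certbot_cmd "${2:?domain required}" "$creds")
fi
```

DNS-01 is validated through a TXT record at `_acme-challenge.<domain>`, so nothing has to reach the server from outside and the tunnel can stay enabled. After the first issuance, a scheduled `certbot renew` reuses the authenticator recorded in the renewal configuration.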