Certificate Renwal under cloudflare

When the 90day cpanel certificate would expire was getting this message from autossl: DNS DCV: No local authority: “askitops.com”; HTTP DCV: “Sectigo” forbids DCV HTTP redirections.

This was coming out of Sectigo validation. Did some searches discussing what to do – this document had me disabling cloudflare to renew the certificate https://community.cloudflare.com/t/installing-cloudflare-origin-ssl-in-cpanel-which-is-the-right-method/397424 or disable ssl on the hosted environment, that is a non-starter since I wanted to keep ssl though access paths and not have an external ssl termination.

It also recommendend using Cloudflare Origin CA certificate documented in https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

That looked straightfoward, but since I also had Let’s Encrypt set up as alternate ssl provider I tried cutting autossl over to it. This worked without issue so I will stay with Let’s Encrypt for now.