
I am trying to use Letsencrypt (HTTPS) on my website with Cloudflare (HTTP), but I am confused by this.

  1. The domain doesn't have a root folder.

  2. Accessing the domain redirects to one of the subdomains:

    • domain.com -> sub1.domain.com

  3. I have many subdomains:

    • domain.com redirects to sub1.domain.com
    • sub1.domain.com
    • sub2.domain.com
    • etc.

I am using Ubuntu Server 16.04 with Apache.

My question: how do I use Letsencrypt on my website with the configuration above (domain.com has no root folder) together with Cloudflare?

Thank you

  • https://bjornjohansen.no/wildcard-certificate-letsencrypt-cloudflare – Marcel Mar 04 '19 at 10:34
  • Hi Marcel, as far as I know, if I use Letsencrypt it will need to access the .well-known folder. If I use the method above, what about the .well-known folder? Sorry for the many questions. – Ferdy Sopian Mar 05 '19 at 03:25
  • No, with Let's Encrypt there are many types of verification of domain ownership. Check their manual. – Marcel Mar 05 '19 at 16:26

1 Answer


You can set up a vhost in Apache, e.g. for Let's Encrypt, and proxy the ".well-known" folder to this domain.

Step 1: Set up the Let's Encrypt vhost

<VirtualHost *:80>
    # Central vhost that serves the ACME challenge files from one directory
    ServerName      lets-encrypt-proxy.domain.com
    DocumentRoot    /var/www/letsencrypt
</VirtualHost>

Step 2: Configure ProxyPass

You can set up this ProxyPass e.g. in /etc/httpd/conf.d/letsencrypt.conf or configure it directly in the specified vhost. If you set up a file at /etc/httpd/conf.d/letsencrypt.conf, copy the following line into this file:

# The target host must match the ServerName of the vhost from Step 1
ProxyPass /.well-known/acme-challenge/ http://lets-encrypt-proxy.domain.com/.well-known/acme-challenge/

Make sure that in your existing vhost the file is correctly redirected to the ProxyPass, e.g. as below, or put the ProxyPass directly into the vhost:

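<VirtualHost *:80>
    # ... your existing vhost directives ...
    RewriteEngine On
    # Leave ACME challenge requests untouched so they reach the ProxyPass
    RewriteRule ^/?\.well-known/acme-challenge/ - [L]
</VirtualHost>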
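The following is an added example, not part of the answer above: it applies the same proxy approach to the asker's case, where domain.com has no document root and only redirects to sub1.domain.com. The 302 status, the `Options`/`Require` lines and the per-vhost placement of `ProxyPass` are assumptions; the host names and the /var/www/letsencrypt path are taken from the page.

```apache
# Added example, not the answerer's configuration.
# Requires mod_rewrite, mod_proxy and mod_proxy_http to be enabled.

# Central vhost: the only place where challenge files exist on disk.
# The ACME client writes them below
# /var/www/letsencrypt/.well-known/acme-challenge/ (webroot-style validation).
<VirtualHost *:80>
    ServerName   lets-encrypt-proxy.domain.com
    DocumentRoot /var/www/letsencrypt

    <Directory /var/www/letsencrypt>
        # Serve challenge files only, never a directory listing
        Options -Indexes
        Require all granted
    </Directory>
</VirtualHost>

# domain.com has no content of its own. Every request is redirected to
# sub1.domain.com, except ACME challenge requests: those are proxied to
# the central vhost so that validation of domain.com itself can succeed.
<VirtualHost *:80>
    ServerName domain.com

    # The proxy target name must resolve from this server and reach the
    # central vhost above.
    ProxyPass        /.well-known/acme-challenge/ http://lets-encrypt-proxy.domain.com/.well-known/acme-challenge/
    ProxyPassReverse /.well-known/acme-challenge/ http://lets-encrypt-proxy.domain.com/.well-known/acme-challenge/

    RewriteEngine On
    # Do not redirect challenge requests; redirect everything else.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ http://sub1.domain.com%{REQUEST_URI} [R=302,L]
</VirtualHost>
```

Each further subdomain vhost (sub1.domain.com, sub2.domain.com, ...) needs the same two `ProxyPass`/`ProxyPassReverse` lines, and the same `RewriteCond` exclusion if it has rewrite rules of its own.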