Encrypt Renewal Fails in Plesk When Proxying Through Cloudflare?

Discussion about web hosting, domains and Plesk related matters.
taroki
Posts: 1
Joined: Wed Jun 25, 2025 1:46 pm

Hello

I am running several domains on a Plesk-managed VPS and have been using Let’s Encrypt for SSL certificates without issue until I enabled Cloudflare proxy (orange cloud) on a few domains. 8-) Since then, Let’s Encrypt renewals randomly fail with timeout / verification errors, even though the sites are reachable & DNS is correct. Switching Cloudflare to “DNS only” allows the renewal to succeed. :|

It seems like the Let’s Encrypt challenge can’t see the ACME verification files or headers are being stripped by Cloudflare’s reverse proxy. I have tried setting up a .well-known rewrite exclusion in .htaccess & even used the DNS challenge instead of HTTP—but Plesk’s default setup prefers HTTP-01 and doesn’t switch cleanly. 8-) This raises concerns for unattended renewals & automation reliability. Checked https://docs.plesk.com/en-US/onyx/admin ... %20aliases. documentation guide for reference.

Has anyone found a reliable way to use Let’s Encrypt and Cloudflare proxying together in a Plesk environment? :?: Are there CISSP Training modules or config tweaks to force DNS challenge or bypass Cloudflare for the challenge route? :?:

Thank you!! 8-)

Martin
Staff
Posts: 54
Joined: Sat Jan 13, 2024 12:44 pm

As you don't appear to be an Aquiss customer, this really is a question you need to ask your hosting company.