Can someone from the technical team explain how Webflow renews SSL certificates?
Usually, when Let’s Encrypt validates an ACME challenge, it checks a path like this: mydomain.tld/.well-known/acme-challenge/abc123xyz, where abc123xyz is a text file containing the challenge token.
After the challenge is validated, the SSL certificate is renewed. However, when the domain is behind a Cloudflare Proxy, setting up an SSL-excluding route for the /.well-known/acme-challenge/* path prevents Webflow from renewing certificates.
This is puzzling because the ACME challenge validation endpoint routes directly to Webflow over plain HTTP. Does Webflow implement additional validation measures, such as server IP or other path checks, to verify that the site isn’t running behind a Cloudflare Proxy?
I would appreciate understanding why Webflow hasn’t addressed this workflow despite numerous community discussions about this issue. Having to disable Cloudflare Proxy every 90 days for certificate renewal, or upgrading to an enterprise plan for such basic functionality, isn’t a practical solution for most users.
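As an added example (not part of the original post, and not Webflow's or Cloudflare's code), the sketch below summarises what a validator would see when fetching an HTTP-01 challenge URL: whether any hop was answered by the Cloudflare proxy, which redirects occurred, and whether the final body has the key-authorization shape RFC 8555 requires. The function name `inspect_http01` is hypothetical and the response tuples are constructed samples rather than captured traffic; it checks only the generic ACME response format and does not reproduce any Webflow-specific validation.

```python
import re

# HTTP-01 (RFC 8555 section 8.3): the validator fetches this path over plain HTTP.
PREFIX = "/.well-known/acme-challenge/"
# Expected body: token "." base64url(SHA-256 thumbprint of the account key) = 43 chars.
KEY_AUTH = re.compile(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]{43})")


def inspect_http01(path, hops):
    """Summarise a captured fetch of an HTTP-01 challenge URL.

    hops is the ordered list of (status, headers, body) tuples seen while
    following redirects; the last tuple is the final response.
    """
    if not path.startswith(PREFIX) or not hops:
        raise ValueError("need a challenge path and at least one response")
    token = path[len(PREFIX):]
    proxied, redirects = False, []
    for status, headers, _body in hops:
        h = {k.lower(): v for k, v in headers.items()}
        # Cloudflare-proxied responses carry a CF-RAY header and Server: cloudflare.
        if "cf-ray" in h or h.get("server", "").lower() == "cloudflare":
            proxied = True
        if 300 <= status < 400:
            redirects.append(h.get("location", ""))
    status, _headers, body = hops[-1]
    # RFC 8555 lets the validator ignore trailing whitespace in the body.
    m = KEY_AUTH.fullmatch(body.rstrip())
    return {
        "proxied": proxied,
        "redirects": redirects,
        "status": status,
        "valid_body": bool(status == 200 and m and m.group(1) == token),
    }


# Constructed samples: the token is the one used in the post, the thumbprint is filler.
PATH = PREFIX + "abc123xyz"
DIRECT = [(200, {"Server": "origin.example"}, "abc123xyz." + "A" * 43 + "\n")]
VIA_PROXY = [
    (301, {"Server": "cloudflare", "CF-RAY": "constructed-ray",
           "Location": "https://mydomain.tld" + PATH}, ""),
    (404, {"Server": "cloudflare", "CF-RAY": "constructed-ray"}, "<html>Not found</html>"),
]

if __name__ == "__main__":
    for name, hops in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(name, inspect_http01(PATH, hops))
```

To use it on a real domain, record the status, headers and body of each hop (for example from verbose HTTP client output) while a renewal is pending and pass them in place of the constructed tuples.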