Access and blocking .well-known for https cert
Yea, it looks like you have an application for blocking access to the subdomain, and then a bypass just for booking-form/website?
If you add another bypass for the path .well-known, you should be set, and the cert should try to renew after a bit and succeed.
HTTP validation needs Let's Encrypt to have access to that path for challenges, example: https://console.rutherfordspunting.com/.well-known/acme-challenge/tuWtltVU7Nn_WahsFTz-ZA0ebMJGvBxrFNlKdLYD6pZnNG5Q1Nky8oqQDEuWumUA to renew properly
Thank you for this. We’ve set up the rule. Any idea how frequently it will retry?
Not sure. You could remove and re-add the Pages custom domain, would probably be the fastest way to fix it. Otherwise if you can wait until tomorrow I could poke one of the Pages people about it
certificate validation takes longer between retries the longer it's gone on for, using a backoff schedule: https://developers.cloudflare.com/ssl/reference/validation-backoff-schedule/
the same page also notes "Cloudflare caps the check backoff to a maximum of four hours to avoid the function growing exponentially", which means under the very worst case scenario it could take 4 hours, and also notes that it will give up entirely after a number of days: 30 for DigiCert, 14 for Google and 7 for LE
It might have already given up then, iirc it should have first tried 30 days ago since it's expired today
Should be able to just remove/readd and get issued a new one that will be able to renew
Pages custom domains area should show the status
and indeed would recommend redoing, if it's broken anyway there's no downside
Thank you again everyone, I’ll give that a go. It is unlikely to automatically delete my Access config when I remove the custom domain from my Pages app’s settings, right?
It won't affect anything in Access