The Cloudflare DNS plugin automates the process of completing a dns-01 challenge by creating and subsequently removing TXT records using the Cloudflare API.
The Goal
We want to be able to generate wildcard TLS certificates (e.g. *.example.com) using Certbot and the Cloudflare DNS plugin.
Pre-requisites
Use of the certbot-dns-cloudflare plugin requires a configuration file containing Cloudflare API credentials, obtained from your Cloudflare dashboard.
Installation
Install snapd
$ sudo yum install epel-release
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap
Install Certbot
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
$ sudo snap set certbot trust-plugin-with-root=ok
Install Cloudflare DNS Plugin
$ sudo snap install certbot-dns-cloudflare
Set up Cloudflare Credentials
Log into the Cloudflare dashboard and obtain your API token. Save it inside the file /root/.cloudflare.ini.
$ sudo cat /root/.cloudflare.ini
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
Get a Wildcard Certificate
Acquire a wildcard certificate for *.example.com, waiting 60 seconds for DNS propagation.
$ sudo certbot certonly \
    --email [email protected] \
    --agree-tos \
    --no-eff-email \
    --dns-cloudflare \
    --dns-cloudflare-credentials /root/.cloudflare.ini \
    --dns-cloudflare-propagation-seconds 60 \
    -d "example.com" \
    -d "*.example.com"
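The credentials file above holds a token that can edit your DNS zone, so before running the certbot command it is worth confirming that the file is readable only by its owner (certbot itself warns when a dns plugin credentials file is group- or world-readable) and that it actually defines dns_cloudflare_api_token. The following pre-flight check is an added example, not part of the original how-to or of the certbot project; it assumes GNU `stat -c` with a BSD `stat -f` fallback, and the file path passed to it is whatever you saved your token in (here /root/.cloudflare.ini).

```shell
#!/bin/sh
# Pre-flight check for a certbot-dns-cloudflare credentials file.
# Added example; not part of the original page or the certbot project.

file_mode() {
    # Print the octal permission bits of a file (e.g. 600).
    # GNU coreutils uses `stat -c`; BSD/macOS uses `stat -f` (assumed fallback).
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_cloudflare_ini() {
    # Usage: check_cloudflare_ini /root/.cloudflare.ini
    # Returns 0 when the file exists, is owner-only readable (600 or 400),
    # and defines a non-empty dns_cloudflare_api_token; otherwise returns a
    # distinct non-zero code and prints the reason to stderr.
    ini="$1"
    if [ ! -f "$ini" ]; then
        echo "missing credentials file: $ini" >&2
        return 1
    fi

    mode=$(file_mode "$ini")
    case "$mode" in
        600|400) ;;
        *)
            echo "$ini has mode $mode; expected 600 (run: chmod 600 $ini)" >&2
            return 2
            ;;
    esac

    # Extract the value after "dns_cloudflare_api_token =", tolerating spaces.
    token=$(sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*//p' "$ini" | head -n 1)
    if [ -z "$token" ]; then
        echo "$ini does not define dns_cloudflare_api_token" >&2
        return 3
    fi
    return 0
}

# When run as a script with a path argument, check that file and report.
if [ "$#" -gt 0 ]; then
    check_cloudflare_ini "$1" && echo "credentials file $1 passes the pre-flight check"
fi
```

Run it as `sh check_ini.sh /root/.cloudflare.ini` (with sudo, since the file is in /root); a non-zero exit tells you which of the three conditions failed before certbot ever contacts Cloudflare.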
References
https://certbot-dns-cloudflare.readthedocs.io/en/stable/