The Cloudflare DNS plugin automates the process of completing a dns-01 challenge by creating and subsequently removing TXT records using the Cloudflare API.
The Goal
We want to be able to generate wildcard TLS certificates (e.g. *.example.com) using Certbot and the Cloudflare DNS plugin.
Pre-requisites
Use of the certbot-dns-cloudflare plugin requires a configuration file containing Cloudflare API credentials, obtained from your Cloudflare dashboard.
Installation
Install snapd
$ sudo yum install epel-release
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap
Install Certbot
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
$ sudo snap set certbot trust-plugin-with-root=ok
Install Cloudflare DNS Plugin
$ sudo snap install certbot-dns-cloudflare
Set up Cloudflare Credentials
Log into the Cloudflare dashboard and obtain your API token. Save it inside the file /root/.cloudflare.ini.
$ sudo cat /root/.cloudflare.ini
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
Get a Wildcard Certificate
Acquire a certificate covering both example.com and *.example.com, waiting 60 seconds for DNS propagation before Let's Encrypt validates the TXT records.
$ sudo certbot certonly \
--email [email protected] \
--agree-tos \
--no-eff-email \
--dns-cloudflare \
--dns-cloudflare-credentials /root/.cloudflare.ini \
--dns-cloudflare-propagation-seconds 60 \
-d "example.com" \
-d "*.example.com"
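The credentials file above holds a token that can edit DNS for the zone, so it should be created with owner-only permissions from the start (Certbot only warns when the file is group- or world-readable, it does not refuse to use it), and the token itself should be scoped to Zone:DNS:Edit for the zones you need certificates for. The following script is an added example, not part of the original post or of the certbot-dns-cloudflare project: it writes the file under a restrictive umask, checks the file before Certbot is invoked, and wraps the certificate request from the post. The file path and token are passed as arguments, and the check that a token is 40 characters of [A-Za-z0-9_-] is an assumption about Cloudflare's token format, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post): create the Certbot credentials
# file safely and sanity-check it before running certbot.
# Assumptions (not stated in the post): the file path and token are passed in
# as arguments; a Cloudflare API token is 40 characters of [A-Za-z0-9_-].

# write_cloudflare_creds FILE TOKEN
# Creates FILE with mode 0600. The umask is applied in a subshell before the
# file exists, so the token is never briefly readable by other users.
write_cloudflare_creds() {
    file=$1
    token=$2
    (
        umask 077
        printf '# Cloudflare API token used by Certbot\ndns_cloudflare_api_token = %s\n' "$token" > "$file"
    )
    chmod 600 "$file"
}

# check_cloudflare_creds FILE
# Returns 0 if FILE exists, is readable only by its owner (0600 or 0400), and
# carries a plausible dns_cloudflare_api_token line; returns 1 otherwise.
check_cloudflare_creds() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # POSIX find evaluates -perm against the single file it is given
    if [ -z "$(find "$file" \( -perm 0600 -o -perm 0400 \) -print)" ]; then
        echo "bad permissions on $file (want 0600)" >&2
        return 1
    fi
    # Extract the token value; tolerate spaces around '=' as Certbot does
    token=$(sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$file" | head -n 1)
    if [ -z "$token" ]; then
        echo "no dns_cloudflare_api_token in $file" >&2
        return 1
    fi
    # Cloudflare API tokens are 40 chars of [A-Za-z0-9_-] (assumption)
    case "$token" in
        *[!A-Za-z0-9_-]*) echo "token has unexpected characters" >&2; return 1 ;;
    esac
    [ "${#token}" -eq 40 ] || { echo "token length is ${#token}, expected 40" >&2; return 1; }
    return 0
}

# request_wildcard FILE DOMAIN [extra certbot flags...]
# Runs the certbot command from the post once the checks above pass.
# Pass --dry-run as an extra flag to exercise the Let's Encrypt staging
# environment before spending production rate limits.
request_wildcard() {
    file=$1
    domain=$2
    shift 2
    check_cloudflare_creds "$file" || return 1
    certbot certonly \
        --dns-cloudflare \
        --dns-cloudflare-credentials "$file" \
        --dns-cloudflare-propagation-seconds 60 \
        -d "$domain" \
        -d "*.$domain" \
        "$@"
}
```

A typical run is `write_cloudflare_creds /root/.cloudflare.ini "$TOKEN"` followed by `request_wildcard /root/.cloudflare.ini example.com --dry-run --agree-tos --email you@example.com`, and the same call without `--dry-run` once staging succeeds. Because the check runs first, a file that was accidentally created mode 0644 stops the request instead of leaving the token exposed while Certbot carries on.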
References
https://certbot-dns-cloudflare.readthedocs.io/en/stable/