everdaniel · January 3, 2024 03:49 · Feb 7, 2022 · Feb 7, 2022
diff --git a/certbot.sh b/certbot.sh
@@ -26,6 +26,7 @@ sudo chmod 0600 /etc/letsencrypt/dnscloudflare.ini
 # Create a certificate!
 # This has nginx reload upon renewal,
 # which assumes Nginx is using the created certificate
+# You can also create non-wildcard subdomains, e.g. "-d foo.example.org"
 sudo certbot certonly -d *.example.org \
     --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
     --post-hook "service nginx reload" \

diff --git a/certbot.sh b/certbot.sh
@@ -0,0 +1,36 @@
+# Used on Ubuntu 18.04 and 20.04
+# Find instructions for other OSes here: https://certbot.eff.org/instructions
+
+# Install Certbot via Snaps
+sudo snap install core; sudo snap refresh core
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+
+# Install DNS CloudFlare plugin
+sudo snap set certbot trust-plugin-with-root=ok
+sudo snap install certbot-dns-cloudflare
+
+# This directory may not exist yet
+sudo mkdir -p /etc/letsencrypt
+
+
+# Create file with the Cloudflare API token
+sudo tee /etc/letsencrypt/dnscloudflare.ini > /dev/null <<EOT
+# Cloudflare API token used by Certbot
+dns_cloudflare_api_token = AN_API_TOKEN_HERE
+EOT
+
+# Secure that file (otherwise certbot yells at you)
+sudo chmod 0600 /etc/letsencrypt/dnscloudflare.ini
+
+# Create a certificate!
+# This has nginx reload upon renewal,
+# which assumes Nginx is using the created certificate
+sudo certbot certonly -d *.example.org \
+    --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
+    --post-hook "service nginx reload" \
+    --non-interactive --agree-tos \
+    --email [email protected]
+
+# Test it out
+sudo certbot renew --dry-run