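# Issue a Let's Encrypt wildcard certificate for DOMAIN using certbot's
# Cloudflare DNS plugin (dns-01 challenge).

# Configuration for Cloudflare.
# The values below are placeholders: substitute your own, and keep the real
# key out of version control and shell history.
# NOTE: dns_cloudflare_api_key is the account-wide Global API Key. The plugin
# also accepts a scoped token via dns_cloudflare_api_token (Zone:DNS:Edit on
# only the zones that need certificates), which limits the impact if this
# file is ever disclosed.
CLOUDFLARE_EMAIL="[email protected]"
CLOUDFLARE_API_KEY="sdfsafsdafadsdsaf"
DOMAIN="example.com"

# As root, write the Cloudflare credentials file.
# The directory and file are restricted to the owner before the secret is
# written, so the key is never readable by other local users (certbot also
# warns when the credentials file has permissive modes).
mkdir -p .secrets
chmod 700 .secrets
touch .secrets/cloudflare.ini
chmod 600 .secrets/cloudflare.ini
cat <<CLOUDFLARE_CONFIG > .secrets/cloudflare.ini
dns_cloudflare_email="$CLOUDFLARE_EMAIL"
dns_cloudflare_api_key="$CLOUDFLARE_API_KEY"
CLOUDFLARE_CONFIG

# Install the certbot Cloudflare DNS plugin (pulls in certbot itself).
# This installs whatever release is current on PyPI; pin a version if the
# host needs reproducible installs.
pip install certbot-dns-cloudflare

# Generate a wildcard cert for the domain using a DNS challenge.
#
# --agree-tos, agree to the ToS on first run
# --config-dir / --work-dir / --logs-dir, certbot state and log locations
# --preferred-challenges, specify to use the dns-01 challenge
# --dns-cloudflare, use the Cloudflare DNS plugin
# --dns-cloudflare-credentials, path to the ini config written above
# -d, domains to generate certs for; add additional ones if needed
#
# Not passed here, but useful for unattended runs (e.g. cron):
# --quiet, --non-interactive, --keep-until-expiring.
#
# The -d value is quoted so the shell passes "*." through literally instead
# of attempting filename expansion on it.
sudo certbot certonly \
  --agree-tos \
  --config-dir /etc/letsencrypt \
  --work-dir /var/lib/letsencrypt \
  --logs-dir /var/log/letsencrypt \
  --preferred-challenges dns-01 \
  --dns-cloudflare \
  --dns-cloudflare-credentials .secrets/cloudflare.ini \
  -d "$DOMAIN,*.$DOMAIN"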