Last active
October 21, 2021 15:58
Revisions
tmm revised this gist
Feb 10, 2019 . 1 changed file with 0 additions and 4 deletions.
@@ -10,10 +10,6 @@ dns_cloudflare_email="$CLOUDFLARE_EMAIL" dns_cloudflare_api_key="$CLOUDFLARE_API_KEY" CLOUDFLARE_CONFIG # install pip, upgrade, then install the cloudflare/certbot tool pip install certbot-dns-cloudflare -
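Review bot: the four lines deleted between the `CLOUDFLARE_CONFIG` heredoc terminator and the `# install pip` comment were the only permission guidance for the credentials file, so after this revision `.secrets/cloudflare.ini` is written with whatever the caller's umask allows and nothing in the script says to tighten it. Rather than removing the commented `chmod 0700 .secrets/` and `chmod 0400 .secrets/cloudflare.ini`, make them real commands, or set `umask 077` before `mkdir -p .secrets` so the file is never readable by other users, even briefly. The certbot Cloudflare plugin logs a warning when the credentials file is accessible to other users, so the revised script will trigger that warning as well.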
tmm created this gist
Feb 10, 2019
@@ -0,0 +1,38 @@ # configuration for cloudflare CLOUDFLARE_EMAIL="[email protected]" CLOUDFLARE_API_KEY="sdfsafsdafadsdsaf" DOMAIN="example.com" # as root configure your cloudflare secrets mkdir -p .secrets cat <<CLOUDFLARE_CONFIG > .secrets/cloudflare.ini dns_cloudflare_email="$CLOUDFLARE_EMAIL" dns_cloudflare_api_key="$CLOUDFLARE_API_KEY" CLOUDFLARE_CONFIG # make sure they are hidden, the api key is more powerful than a password! # chmod 0700 .secrets/ # chmod 0400 .secrets/cloudflare.ini # install pip, upgrade, then install the cloudflare/certbot tool pip install certbot-dns-cloudflare # generate a wildcard cert for the domain using a dns challenge # # --quiet, suppress output # --non-interactive, avoid user input # --agree-tos, agree to tos on first run # --keep-until-expiring, keep existing certs # --preferred-challenges, specify to use dns-01 challenge # --dns-cloudflare, use the cloudflare dns plugin # --dns-cloudflare-credentials, path to ini config # -d, domains to generate keys for, you can add additional ones if needed sudo certbot certonly \ --agree-tos \ --config-dir /etc/letsencrypt \ --work-dir /var/lib/letsencrypt \ --logs-dir /var/log/letsencrypt \ --preferred-challenges dns-01 \ --dns-cloudflare \ --dns-cloudflare-credentials .secrets/cloudflare.ini \ -d $DOMAIN,*.$DOMAIN
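Review bot: the `CLOUDFLARE_API_KEY="..."` assignment at the top keeps the account-wide API key in the script itself, so the secret travels with every copy and revision of the file; read it from the environment instead and abort when it is unset, for example `: "${CLOUDFLARE_API_KEY:?set CLOUDFLARE_API_KEY}"`. Current releases of certbot-dns-cloudflare also accept a scoped token through `dns_cloudflare_api_token`, which limits the damage if the ini file leaks. On the last line, `-d $DOMAIN,*.$DOMAIN` is unquoted, so the shell can glob-expand the `*.` part against files in the working directory; quote it as `-d "$DOMAIN,*.$DOMAIN"`. The comment block documents `--quiet`, `--non-interactive` and `--keep-until-expiring`, but the command passes none of them; add the flags or drop them from the comment. The credentials path `.secrets/cloudflare.ini` is relative while certbot runs under `sudo`, so an absolute path would remove the dependence on the working directory.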