Created
January 20, 2024 22:59
One-off CloudFlare Certbot
#!/usr/bin/env sh
# Notes:
# * Does not require root.
# * Will probably prompt you to share your email with letsencrypt. Not sure how to disable prompt
# Requirements: pipenv
### EDIT THESE
WORKDIR="/my/work/dir"
DOMAIN='*.example.wildcard.domain.com'
### END EDIT
# Make sure to manually fill in cli.ini and cloudflare.ini as per examples below
mkdir -p "$WORKDIR"
cd "$WORKDIR" || exit 1
pipenv install certbot certbot-dns-cloudflare
touch cli.ini
##### EXAMPLE cli.ini
# key-type = ecdsa
# elliptic-curve = secp384r1
# rsa-key-size = 4096
# # The email below does not have to be the cloudflare email.
# email = email_that_will_be_on_the_cert@example.com
# agree-tos = true
##### END cli.ini
touch cloudflare.ini
# Keep the API token readable only by you; certbot warns about looser permissions
chmod 600 cloudflare.ini
##### EXAMPLE cloudflare.ini
# # Get your Cloudflare API credential that's scoped down to your zone, with the permission to edit
# dns_cloudflare_api_token = MY_FANCY_TOKEN
##### END cloudflare.ini
pipenv run certbot certonly \
    --dns-cloudflare \
    --dns-cloudflare-credentials "$WORKDIR/cloudflare.ini" \
    -d "$DOMAIN" \
    --logs-dir "$WORKDIR" \
    --config-dir "$WORKDIR" \
    --work-dir "$WORKDIR" \
    --config "$WORKDIR/cli.ini"
# Cleanup
cd "$WORKDIR" || exit 1
pipenv --rm
cd ~ || exit 1
# Potentially dangerous if you set your workdir to something important
# Also, make sure to grab the certs first
# rm -rf "$WORKDIR"