@bibstha
Last active June 1, 2024 09:27
Letsencrypt, Certbot, Cloudflare and Twilio link shortening cert upload script.
# Update: Use this repo instead https://github.com/bibstha/twilio-certbot-autoupdater/
#
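# Create an API token that certbot will use to add the temporary TXT entries to your
# Cloudflare DNS automatically.
# In Cloudflare: My Profile > API Tokens > Create Token
# Permission required: domain-name - DNS:Edit
# Copy the token and replace the XXXXXX below.
# The file holds a live credential, so keep it readable by the current user only
# (certbot also warns when the credentials file has loose permissions).
( umask 077; echo "dns_cloudflare_api_token = XXXXXX" > /tmp/cloudflare.ini )
chmod 600 /tmp/cloudflare.ini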
# This folder is where certbot downloads files. We will mount it to the certbot docker container later.
mkdir -p /tmp/letsencrypt-download
# Pull and Run docker container that already contains certbot's cloudflare plugin.
# Certbot 2.0 and above downloads keys in the new ECDSA format, which is not compatible
# with Twilio. So make sure to supply --key-type rsa to get RSA keys.
docker run \
-v /tmp:/tmp \
-v /tmp/letsencrypt-download:/etc/letsencrypt \
--rm --name certbot \
certbot/dns-cloudflare certonly \
-d my-domain.com \
-n \
--dns-cloudflare \
--agree-tos \
--email my-email@example.com \
--dns-cloudflare-credentials=/tmp/cloudflare.ini \
--dns-cloudflare-propagation-seconds 15 \
--key-type rsa
# Make sure you pass the three environment variables below:
# DOMAIN_SID (find it at https://www.twilio.com/console/admin/domains)
# TWILIO_ACCOUNT_SID
# TWILIO_AUTH_TOKEN
#
# Usage:
# DOMAIN_SID=DNXYZ TWILIO_ACCOUNT_SID=AC123 TWILIO_AUTH_TOKEN=XXXX ./update_twilio.sh
CERT_AND_PRIVATE_KEY="$(cat /tmp/letsencrypt-download/live/my-domain.com/cert.pem; cat /tmp/letsencrypt-download/live/my-domain.com/privkey.pem)"
curl -X POST "https://messaging.twilio.com/v1/LinkShortening/Domains/$DOMAIN_SID/Certificate" \
--data-urlencode "TlsCert=$CERT_AND_PRIVATE_KEY" \
-u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN"
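
A pre-upload check for the pitfall noted above (certbot 2.0 and above producing ECDSA keys that are not compatible with Twilio), added here as an example and not part of the original gist: it confirms the key is RSA, that it belongs to the certificate, and that the certificate is not about to expire. The function names and the one-day default validity margin are assumptions; only `openssl` is required.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# Succeeds only if the private key file holds an RSA key; `openssl rsa`
# refuses to load an ECDSA key.
key_is_rsa() {
    openssl rsa -in "$1" -noout >/dev/null 2>&1
}

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight CERT KEY [MIN_SECONDS]
# Returns 0 when the pair is fit to upload; 2, 3 or 4 identify the failed check.
preflight() {
    min_seconds=${3:-86400}   # assumed margin: one day
    if ! key_is_rsa "$2"; then
        echo "preflight: $2 is not an RSA key; rerun certbot with --key-type rsa" >&2
        return 2
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "preflight: $1 was not issued for the key in $2" >&2
        return 3
    fi
    if ! cert_valid_for "$1" "$min_seconds"; then
        echo "preflight: $1 expires within $min_seconds seconds" >&2
        return 4
    fi
    return 0
}

# Usage with the paths from the script above, placed before the curl call:
#   live=/tmp/letsencrypt-download/live/my-domain.com
#   preflight "$live/cert.pem" "$live/privkey.pem" || exit 1
```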