@colinmcintosh
Last active March 4, 2024 15:29
Configure Ubuntu 18.04 for NGINX with LetsEncrypt including auto-renewal using Acme.sh and Cloudflare API Tokens
sudo apt update
sudo apt upgrade -y
sudo apt install nginx
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
# Create a folder to store your certs
sudo mkdir -p /etc/nginx/ssl
# Edit NGINX config for your site
# If you need a TLS secured NGINX config look at https://gist.github.com/colinmcintosh/25425fccbde0a5bdc9df1153bd94b665
sudo vim /etc/nginx/nginx.conf
# Install acme.sh in the root account; other users will work too, but you'll need to work out permissions for reloading services
sudo su -
curl https://get.acme.sh | sh
# Generate a new token at https://dash.cloudflare.com/profile/api-tokens
# Create a custom token with these settings:
# Permissions:
# Zone - DNS - Edit
# Zone Resources:
# Include - Specific Zone - <YOUR_ZONE_NAME>
# IP Address Filtering: optional
# TTL: optional
export CF_Token=<YOUR_CF_TOKEN>
# Get your Zone ID from the sidebar on the homepage of your Cloudflare Dashboard
# Make sure you are using the 32 character alphanumeric ID that looks something like 81501ef88ef9b34f24450b63145d4019
export CF_Zone_ID=<YOUR_ZONE_ID>
# Get your certs
~/.acme.sh/acme.sh --issue -d <YOUR_DOMAIN> --dns dns_cf --server letsencrypt
# Install your certs
# Make sure the certificate file locations in this command match your NGINX config
~/.acme.sh/acme.sh --install-cert -d <YOUR_DOMAIN> \
--cert-file /etc/nginx/ssl/<YOUR_DOMAIN>.cert.pem \
--key-file /etc/nginx/ssl/<YOUR_DOMAIN>.key.pem \
--fullchain-file /etc/nginx/ssl/<YOUR_DOMAIN>.fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
# Done!
# You should be all set now. The certs will be automatically renewed every 60 days.
# If you need to stop renewal in the future, use this command:
~/.acme.sh/acme.sh --remove -d <YOUR_DOMAIN>
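
A permissions check for the secrets this procedure leaves on disk: the private key under /etc/nginx/ssl and the Cloudflare token that acme.sh saves for renewals. This is an added example, not part of the original gist; it assumes GNU `stat` and acme.sh's default `account.conf` location, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original gist): flag private keys or the
# acme.sh account file if group/other users can access them.

# Print OK/FAIL/MISSING for one file; return 1 unless it is owner-only.
check_private() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING $f"
        return 1
    fi
    mode=$(stat -c '%a' "$f")   # octal mode, e.g. 600 (GNU stat, as on Ubuntu)
    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        0|*00) echo "OK   $f ($mode)"; return 0 ;;
        *)     echo "FAIL $f ($mode): readable beyond owner"; return 1 ;;
    esac
}

# audit_tls_secrets <ssl_dir> <acme_account_conf>
# Returns the number of findings as its exit status (0 = clean).
audit_tls_secrets() {
    ssl_dir=$1
    account_conf=$2
    failures=0
    # Key files follow the <YOUR_DOMAIN>.key.pem naming used in --install-cert above.
    for key in "$ssl_dir"/*.key.pem; do
        check_private "$key" || failures=$((failures + 1))
    done
    # acme.sh keeps the DNS API token here so unattended renewals can use it.
    check_private "$account_conf" || failures=$((failures + 1))
    if [ -f "$account_conf" ] && grep -q '^SAVED_CF_Token=' "$account_conf"; then
        echo "NOTE $account_conf holds a saved Cloudflare token; keep it scoped to one zone"
    fi
    return "$failures"
}

# Usage as root, with the paths from the steps above:
#   audit_tls_secrets /etc/nginx/ssl /root/.acme.sh/account.conf
```

A non-zero exit status is the number of files that are missing or accessible to users other than the owner.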