@cretudorin
Last active July 8, 2022 08:41
Use certbot to generate certificates on nginx behind cloudflare

Install and use certbot with nginx and nextcloud

Tested on Ubuntu 20.04.

Install pip3

sudo apt install python3-pip

Install certbot and plugins

sudo pip3 install certbot certbot-dns-cloudflare certbot-nginx

Get an API token with Edit:DNS permissions

https://dash.cloudflare.com/profile/api-tokens

Create credentials folder and file

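# lock down the directory before the token is written into it
mkdir ~/.secrets
chmod 0700 ~/.secrets
echo "dns_cloudflare_api_token = XYZ-TOKEN" > ~/.secrets/cloudflare.ini
# make the token file read-only for its owner
chmod 0400 ~/.secrets/cloudflare.ini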

Run it

sudo certbot --installer nginx --dns-cloudflare --dns-cloudflare-credentials /home/XYZ-USER/.secrets/cloudflare.ini --dns-cloudflare-propagation-seconds 30

Test renewal

sudo certbot renew --dry-run --dns-cloudflare-propagation-seconds 30

Run crontab every other month

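sudo su
crontab -e

Add this line in the editor:

0 0 1 */2 * /usr/local/bin/certbot renew --quiet --dns-cloudflare-propagation-seconds 30

By default certbot renew only renews certificates that expire in less than 30 days, so with 90-day Let's Encrypt certificates a run every other month can fall outside that window. The certbot documentation recommends scheduling the renew command twice a day.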
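The credentials file from the "Create credentials folder and file" step can be audited before the first certbot run. The script below is an added example, not part of the original gist: `check_cf_credentials` is a hypothetical helper that assumes GNU `stat` (as on Ubuntu), and the demo file and key value are constructed.

```shell
#!/bin/sh
# Audit a certbot-dns-cloudflare credentials file before running certbot.
# Prints one line per problem; the return status is the number of problems.
check_cf_credentials() {
    file=$1
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    if [ ! -f "$file" ]; then
        fail "$file does not exist"
        return "$problems"
    fi

    # Neither the file nor its directory may grant access to group or other.
    for path in "$file" "$(dirname "$file")"; do
        mode=$(stat -c '%a' "$path")    # assumes GNU stat (Ubuntu)
        case $mode in
            *00|0) ;;
            *) fail "$path has mode $mode, group/other bits must be clear" ;;
        esac
    done

    # A DNS-scoped API token must be set ...
    grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$file" \
        || fail "no dns_cloudflare_api_token entry"
    # ... the placeholder from the guide must have been replaced ...
    if grep -q 'XYZ-TOKEN' "$file"; then
        fail "placeholder XYZ-TOKEN was not replaced"
    fi
    # ... and the account-wide Global API Key must not be stored here.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        fail "dns_cloudflare_api_key (Global API Key) present, use a scoped token"
    fi
    return "$problems"
}

# Constructed demo: world-readable file holding a made-up Global API Key.
demo=$(mktemp -d)
mkdir "$demo/.secrets" && chmod 0755 "$demo/.secrets"
printf 'dns_cloudflare_api_key = constructed-value\n' > "$demo/.secrets/cloudflare.ini"
chmod 0644 "$demo/.secrets/cloudflare.ini"
check_cf_credentials "$demo/.secrets/cloudflare.ini" || echo "problems found: $?"
rm -rf "$demo"
```

The demo reports four problems: two loose modes, the missing token entry and the stored Global API Key.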
