@fideloper
Last active April 18, 2024 14:43
Certbot on Ubuntu, wildcard subdomains via CloudFlare DNS challenge
# Used on Ubuntu 18.04 and 20.04
# Find instructions for other OSes here: https://certbot.eff.org/instructions
# Install Certbot via Snaps
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Install DNS CloudFlare plugin
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare
# This directory may not exist yet
sudo mkdir -p /etc/letsencrypt
# Create the credentials file holding a Cloudflare API token.
# Create the token in the Cloudflare dashboard with only the
# Zone / DNS / Edit permission, scoped to the zone(s) you issue for.
# Do not put the Global API Key in here: it grants full account access.
sudo tee /etc/letsencrypt/dnscloudflare.ini > /dev/null <<EOT
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = AN_API_TOKEN_HERE
EOT
# Restrict that file to root: the token is as sensitive as a password,
# and certbot warns about unsafe permissions otherwise.
sudo chmod 0600 /etc/letsencrypt/dnscloudflare.ini
# Create a certificate!
# The post-hook reloads nginx after each issuance or renewal attempt,
# which assumes Nginx is already configured to use the created certificate.
# Quote the wildcard: unquoted, the shell would glob-expand *.example.org
# against files in the current directory before certbot ever sees it.
# Note that *.example.org does not cover the bare example.org; add
# "-d example.org" if you need it on the same certificate.
# You can also request non-wildcard names, e.g. "-d foo.example.org"
sudo certbot certonly -d '*.example.org' \
--dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
--post-hook "service nginx reload" \
--non-interactive --agree-tos \
--email someone-who-pays-attention-to-emails@example.org
# Test it out
sudo certbot renew --dry-run
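Added preflight check for the procedure above. This is example code, not part of the original gist: it verifies the credentials file the way a practitioner would before running certbot (root-owned, mode 0600, a real scoped token rather than the placeholder or the legacy Global API Key), and demonstrates why the wildcard name has to be quoted. It assumes GNU/busybox `stat -c` (as on Ubuntu) and the file layout used above (one `dns_cloudflare_api_token = ...` line); the function names and the `CF_CREDS` variable are this example's own.

```bash
# check_cf_credentials FILE [OWNER]
# Returns 0 when FILE is owned by OWNER (default root), has mode 0600,
# and holds a dns_cloudflare_api_token that is not the placeholder.
# Each problem is reported on stderr; the return code is the problem count.
check_cf_credentials() {
    f="$1"
    want_owner="${2:-root}"
    problems=0
    if [ ! -f "$f" ]; then
        echo "no such file: $f" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U' "$f")
    if [ "$mode" != "600" ]; then
        echo "$f: mode is $mode, expected 600 (sudo chmod 0600 $f)" >&2
        problems=$((problems + 1))
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "$f: owned by $owner, expected $want_owner" >&2
        problems=$((problems + 1))
    fi
    # The legacy dns_cloudflare_email / dns_cloudflare_api_key pair is the
    # Global API Key, which grants full account access; a scoped API token
    # (Zone / DNS / Edit on just the zone being issued for) belongs here.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$f"; then
        echo "$f: uses dns_cloudflare_api_key (Global API Key); use a scoped dns_cloudflare_api_token instead" >&2
        problems=$((problems + 1))
    fi
    token=$(sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
    case "$token" in
        ''|AN_API_TOKEN_HERE)
            echo "$f: dns_cloudflare_api_token is missing or still the placeholder" >&2
            problems=$((problems + 1))
            ;;
    esac
    return "$problems"
}

# wildcard_arg DIR
# Demonstrates why "-d *.example.org" must be quoted. DIR gets a constructed
# file named www.example.org; with that file present, the unquoted pattern
# is glob-expanded by the shell before certbot ever sees it. Prints the
# name certbot would receive unquoted, then quoted, one per line.
wildcard_arg() {
    dir="$1"
    : > "$dir/www.example.org"
    (
        cd "$dir" || exit 1
        set -- -d *.example.org
        echo "$2"
        set -- -d '*.example.org'
        echo "$2"
    )
}

# Usage (as root, after creating the file): a nonzero exit from the check
# means fix the reported problems before running certbot.
check_cf_credentials "${CF_CREDS:-/etc/letsencrypt/dnscloudflare.ini}" \
    || echo "credentials check failed; fix the problems above before running certbot" >&2
```

Run it after the `tee`/`chmod` steps and before `certbot certonly`; the owner check is there because `sudo tee` leaves the file root-owned, and a file copied in by an unprivileged user would not be.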
@bharatsewani1993

Thank you for sharing this, if you intentionally made it public :)

@fideloper (Author)

Glad it was useful @bharatsewani1993 !
