2025-12-19 15:44:13 +01:00
# Certbot with Cloudflare DNS for Ubuntu 24.04
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Install Certbot using Cloudflare DNS validation on Ubuntu 24.04 server.
This is not a test environment and not a casual demo.
This is a production-grade installer built to issue and renew certificates reliably — including wildcards.
## Why this installer exists
DNS-01 validation is simpler and more flexible than HTTP-01 — especially for wildcard certificates and multi-host setups.
## What this installer does
✔ Automates DNS-01 via Cloudflare
✔ Supports wildcard certificates
✔ Optional Nginx reload hook
✔ Ideal for multi-site deployments
## What this installer does *NOT* do
It won't stop you from running the script without reading the documentation like there's no tomorrow.
Skip the README, and whatever happens next is your headache, not a bug report.
---
## Requirements
### You need:
✔ A Cloudflare API key with DNS:Edit permissions
✔ A domain pointing to Cloudflare
Guide if needed:
[Certbot Cloudflare](https://certbot-dns-cloudflare.readthedocs.io/)
---
## 1. Download
```
git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
```
```
cd certbot-ubuntu
```
---
## 2. Run the installer
```
sudo ./certbotinstall [-p] <Cloudflare API Key>
```
Example:
```
sudo ./certbotinstall -p 1234567890abcdef123456abcd
```
After installation, certbot is ready to issue certificates immediately.
---
## 3. Issue Certificates
### Standard certificate + Nginx reload
```
sudo certbot certonly -d example.com -d www.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email admin@example.com --dns-cloudflare-propagation-seconds 30
```
---
### Wildcard (includes all subdomains)
```
sudo certbot certonly -d '*.example.com' --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email admin@example.com --dns-cloudflare-propagation-seconds 30
```
Wildcard = **ideal for multi-site hosting**.
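
Both commands above read the Cloudflare credential from `/etc/letsencrypt/dnscloudflare.ini`, so anyone who can read that file can edit the zone's DNS. The following check is an added example, not part of this installer: `check_cf_credentials` is a hypothetical helper, and it assumes the file uses the `dns_cloudflare_api_token` / `dns_cloudflare_api_key` entries documented for the certbot-dns-cloudflare plugin.

```shell
#!/bin/sh
# Added example (not the installer's code): audit the credentials file that
# certbot passes to --dns-cloudflare-credentials.
# Usage: sudo sh -c '. ./check.sh; check_cf_credentials'
check_cf_credentials() {
    local file="${1:-/etc/letsencrypt/dnscloudflare.ini}"
    local want_uid="${2:-0}"   # expected owner uid, root by default
    local rc=0 mode uid

    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found"
        return 2
    fi

    # Any group/other permission bit exposes the credential to other accounts.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00|0) ;;
        *) echo "FAIL: mode $mode grants group/other access (fix: chmod 600 $file)"
           rc=1 ;;
    esac

    uid=$(stat -c '%u' "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi

    # A Global API Key reaches the whole account; a token scoped to DNS edit
    # on the zone limits what a leaked file can change.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "FAIL: Global API Key in use (dns_cloudflare_api_key)"
        rc=1
    elif ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$file"; then
        echo "FAIL: no dns_cloudflare_api_token entry found"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}
```

The function returns 0 when the file is owner-only and holds a scoped token, 1 on any finding, and 2 when the file is missing, so it can gate a renewal job or a configuration-management run.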
---
## Certificate Management
### List certificates
```
sudo certbot certificates
```
### Delete certificate
```
sudo certbot delete --cert-name example.com
```
---
## Add new subdomain to existing cert
```
sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```
### Best practice:
If many domains change → reissue instead of modifying.
---
### Modify/Remove domains
List existing:
```
sudo certbot certificates
```
Reissue without `sub2.example.com`:
```
sudo certbot certonly --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```
---
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---