How to Use Let’s Encrypt With Cloudflare

Young Hug Dec 19, 2020

Let’s Encrypt is a service for applying for certificates. There are several ways (nginx, Cloudflare) to apply for them. In this article I will show you how to apply for certificates using Cloudflare (CF).

How it works

There are two steps to this process. First, the agent proves to the CA that the web server controls a domain. Then, the agent can request, renew, and revoke certificates for that domain.

The detailed steps are as follows:

  1. The CA might give the agent a choice of the following:
    • Provisioning a DNS record under example.com
    • Provisioning an HTTP resource under a well-known URI on http://example.com/
  2. Then, it’s the CA’s job to check that the challenges have been satisfied.

What we need to do exactly

We need to do the first step: either provide a DNS record or serve an HTTP resource for verification.

Using Cloudflare

I will show you how to use CF to apply for and renew certificates with docker. Doing the same with plain shell commands is similar.

Pre-work

  1. Download the official Docker image certbot/dns-cloudflare from Docker Hub
  2. Have a CF account and generate the API key in CF
  3. Add a DNS record in CF

Applying Certificate

  1. Create a file /data/cf.ini for CF and add two lines to it:

    dns_cloudflare_email={Your Email}
    dns_cloudflare_api_key={Your CF API Key}
  2. Apply for the certificate:

    # {TheFoldInStep1} is the folder that holds cf.ini (/data above); it is mounted at /.secrets inside the container
    docker run -it --rm --name certbot -v "{YourOwnFoldToStoreCertificates}:/etc/letsencrypt" -v "{TheFoldInStep1}:/.secrets" certbot/dns-cloudflare --dns-cloudflare-credentials /.secrets/cf.ini --dns-cloudflare-propagation-seconds 60 --email {YourEmail} --agree-tos --no-eff-email --dns-cloudflare certonly
  3. Type your domain when prompted and wait for the verification to finish.
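
The cf.ini file from step 1 holds an API key that can change the DNS records of the account, so it should be readable only by its owner before it is mounted into the container. The following is an added example, not part of the original post: the function names write_cf_credentials and check_cf_credentials and all sample values are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical and sample values are constructed.

# write_cf_credentials DIR EMAIL API_KEY
# Writes DIR/cf.ini (the two lines from step 1) readable only by its owner.
write_cf_credentials() {
    dir=$1; email=$2; key=$3
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p "$dir" || exit 1
        printf 'dns_cloudflare_email=%s\ndns_cloudflare_api_key=%s\n' \
            "$email" "$key" > "$dir/cf.ini"
    ) || return 1
    chmod 600 "$dir/cf.ini"            # umask does not tighten a pre-existing file
}

# check_cf_credentials FILE
# Returns 0 if FILE is safe to mount, 1 if it is missing or a symlink,
# 2 if group/others have any access, 3 if a required key is absent.
check_cf_credentials() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other can access $file; run: chmod 600 $file" >&2; return 2
    fi
    for k in dns_cloudflare_email dns_cloudflare_api_key; do
        grep -q "^$k *= *[^ ]" "$file" || { echo "missing $k" >&2; return 3; }
    done
    return 0
}

# Demo on constructed values in a throwaway directory.
demo_dir=$(mktemp -d)
write_cf_credentials "$demo_dir" "admin@example.com" "CONSTRUCTED-NOT-A-REAL-KEY"
check_cf_credentials "$demo_dir/cf.ini" && echo "cf.ini OK"
chmod 644 "$demo_dir/cf.ini"
check_cf_credentials "$demo_dir/cf.ini" || echo "rejected with status $?"
rm -rf "$demo_dir"
```

Run check_cf_credentials on the real file before each docker run; a non-zero status means the file should be fixed first.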

Renew Certificate

Renewal is similar.

  1. Use the following command (shown with podman, which accepts the same arguments as docker here):

    podman run -it --rm --name certbot -v "{YourOwnFoldToStoreCertificates}:/etc/letsencrypt" -v "{TheFoldInStep1}:/.secrets" certbot/dns-cloudflare --dns-cloudflare-credentials /.secrets/cf.ini --dns-cloudflare-propagation-seconds 60 --email {YourEmail} --agree-tos --no-eff-email --dns-cloudflare renew
  2. Wait for the process to complete, then check the result.

Enjoy🥳!

This blog is under a CC BY-NC-SA 3.0 Unported License
Link to this article: https://younggod.netlify.app/2020/12/19/practice/LetsEncrypte/