Using Cloudflare DNS for LetsEncrypt domain validation

Enabling the scripts

Set the following options in getssl.cfg (either global or domain-specific):

VALIDATE_VIA_DNS="true"
DNS_ADD_COMMAND="/usr/share/getssl/dns_scripts/dns_add_cloudflare"
DNS_DEL_COMMAND="/usr/share/getssl/dns_scripts/dns_del_cloudflare"

Authentication

There are 2 methods of authenticating with Cloudflare:

  1. API Keys - Account level, all-purpose tokens
  2. API Tokens - Scoped and permissioned access to resources

Both are configured from your profile in the Cloudflare dashboard.

API Keys

The Zone ID for the domain will be searched for programmatically.

Set the following options in getssl.cfg:

export CF_EMAIL="..." # Cloudflare account email address
export CF_KEY="..."   # Global API Key

API Tokens

Cloudflare provides a template for creating an API Token with access to edit zone records. Tokens must be created with at least 'DNS:Edit' permissions for the domain to add/delete records.

Set the following options in the domain-specific getssl.cfg:

export CF_API_TOKEN="..."

By default, the associated Zone ID is searched automatically. However, it is also possible to configure the Zone ID manually. This might be necessary if there are a lot of zones. You can find the Zone ID at the Overview tab in the Cloudflare Dashboard.

export CF_ZONE_ID="..."

Note: If API Keys are also configured, they will be used instead of the API Token.
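
The following pre-flight check is an added example, not part of getssl: it reports which of the two authentication methods above a getssl.cfg selects, warns when a scoped API Token is shadowed by an account-level API Key (the precedence stated in the note), and flags a credential file that group or other users can access. The helper names cfg_value and cf_auth_audit are hypothetical, and it assumes plain `VAR="value"` assignments and treats a non-empty CF_KEY as "API Key configured".

```bash
#!/usr/bin/env bash
# Added example: cfg_value and cf_auth_audit are hypothetical helper names.

# Print the last value assigned to variable $1 in config file $2.
# Handles an optional "export", optional quotes and trailing comments.
cfg_value() {
  sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$1=[\"']?([^\"'#[:space:]]*).*/\2/p" "$2" | tail -n 1
}

# Report which Cloudflare auth method a getssl.cfg selects.
# Returns 0 = clean, 1 = warnings, 2 = unusable.
cf_auth_audit() {
  local cfg="$1" key email token zone rc=0
  [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
  key=$(cfg_value CF_KEY "$cfg")
  email=$(cfg_value CF_EMAIL "$cfg")
  token=$(cfg_value CF_API_TOKEN "$cfg")
  zone=$(cfg_value CF_ZONE_ID "$cfg")

  if [ -n "$key" ]; then
    echo "auth: API Key (account level, all-purpose)"
    [ -n "$email" ] || { echo "WARN: CF_KEY is set without CF_EMAIL"; rc=1; }
    if [ -n "$token" ]; then
      echo "WARN: CF_API_TOKEN is also set, but the API Key will be used instead"
      rc=1
    fi
  elif [ -n "$token" ]; then
    echo "auth: API Token (scoped)"
    if [ -n "$zone" ]; then echo "zone: CF_ZONE_ID set manually"
    else echo "zone: looked up automatically"; fi
  else
    echo "ERROR: no Cloudflare credentials found"
    return 2
  fi

  # The file holds a credential: flag any group/other permission bits.
  if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
    echo "WARN: $cfg is accessible to group or other users; chmod 600 it"
    rc=1
  fi
  return "$rc"
}

if [ "$#" -gt 0 ]; then cf_auth_audit "$1"; fi
```

Run it against the global file and each domain-specific getssl.cfg, since the options can be set in either.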