Using Cloudflare DNS for LetsEncrypt domain validation

Enabling the scripts

Set the following options in getssl.cfg (either global or domain-specific):

VALIDATE_VIA_DNS="true"
DNS_ADD_COMMAND="/usr/share/getssl/dns_scripts/dns_add_cloudflare"
DNS_DEL_COMMAND="/usr/share/getssl/dns_scripts/dns_del_cloudflare"

Authentication

There are 2 methods of authenticating with Cloudflare:

  1. API Keys - Account level, all-purpose tokens
  2. API Tokens - Scoped and permissioned access to resources

Both are configured from your profile in the Cloudflare dashboard.

API Keys

The Zone ID for the domain will be searched for programmatically.

Set the following options in getssl.cfg:

export CF_EMAIL="..." # Cloudflare account email address
export CF_KEY="..."   # Global API Key

API Tokens

Cloudflare provides a template for creating an API Token with access to edit zone records. Tokens must be created with at least 'DNS:Edit' permissions for the domain to add/delete records.

The API requires higher privileges to be able to list zones, therefore this method also requires the Zone ID from the Overview tab in the Cloudflare Dashboard.

Set the following options in the domain-specific getssl.cfg:

export CF_API_TOKEN="..."
export CF_ZONE_ID="..."

Note: If API Keys are also configured, they will be used instead of the API Token.
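
Because API Keys take precedence, a leftover CF_EMAIL/CF_KEY silently defeats a scoped token. The following check is an added example, not part of getssl: it reports which method a given getssl.cfg would select and flags that case. The function name cf_lint and its output strings are hypothetical, and it assumes that a non-empty CF_EMAIL or CF_KEY counts as API Keys being configured.

```shell
#!/bin/sh
# Added example: lint the Cloudflare settings in a getssl.cfg before a renewal run.
# cf_lint and its output strings are hypothetical; only the CF_* names come from the page.
# Assumption: a non-empty CF_EMAIL or CF_KEY counts as "API Keys configured".

cf_lint() (
    # The body runs in a subshell, so sourcing the config cannot leak into the caller.
    set +eu
    cfg=$1
    [ -r "$cfg" ] || { echo "error=unreadable"; exit 0; }
    case $cfg in */*) ;; *) cfg=./$cfg ;; esac   # stop '.' from searching PATH

    unset CF_EMAIL CF_KEY CF_API_TOKEN CF_ZONE_ID
    # The config is shell code (getssl sources it too); only lint files you own.
    . "$cfg" >/dev/null 2>&1

    if [ -n "${CF_EMAIL:-}${CF_KEY:-}" ]; then
        echo "mode=key"
        # The page's note: API Keys win when both are set, so the scoped
        # token is ignored and the account-level key is what gets used.
        [ -n "${CF_API_TOKEN:-}" ] && echo "warn=token-ignored"
        # API Key authentication needs both the email and the key.
        [ -n "${CF_EMAIL:-}" ] && [ -n "${CF_KEY:-}" ] || echo "warn=key-incomplete"
    elif [ -n "${CF_API_TOKEN:-}" ]; then
        echo "mode=token"
        # Token mode cannot list zones, so the Zone ID must be supplied.
        [ -n "${CF_ZONE_ID:-}" ] || echo "warn=zone-id-missing"
    else
        echo "mode=none"
    fi

    # Credentials sit in the file in clear text: flag world-readable configs.
    [ -n "$(find "$cfg" -prune -perm -004 2>/dev/null)" ] && echo "warn=world-readable"
    exit 0
)

# Usage: sh cf_lint.sh /path/to/getssl.cfg
if [ $# -gt 0 ]; then cf_lint "$1"; fi
```

A clean token setup prints only mode=token; any warn= line is worth resolving before the next renewal.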