# Setup Certbot with Auto Renewal for Cloudflare
- Navigate to Cloudflare -> My Profile -> API Tokens -> Create Token. You only need to select the following permissions
- On your server, install certbot
  ```bash
  apt update
  apt install certbot -y
  ```
- Install the DNS plugin for Cloudflare
  ```bash
  apt install python3-certbot-dns-cloudflare -y
  ```
- Create an ini file to hold the API token
  ```bash
  nano /etc/letsencrypt/cloudflare.ini
  ```
- Add the API token created in step 1
  ```ini
  dns_cloudflare_api_token = <api key>
  ```
- Save the file and restrict its permissions so only the owner can read it
  ```bash
  chmod 600 /etc/letsencrypt/cloudflare.ini
  ```
- Generate a certificate using certbot with the DNS plugin for Cloudflare
  ```bash
  certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d <domain.com> -d <*.domain.com>
  ```
  Results:
  ```
  Successfully received certificate.
  Certificate is saved at: /etc/letsencrypt/live/<domain.com>/fullchain.pem
  Key is saved at: /etc/letsencrypt/live/<domain.com>/privkey.pem
  ```
- Validate the certificate and DNS update with a dry run (this will not create a new certificate or update DNS)
  ```bash
  certbot renew --dry-run
  ```
  Results:
  ```
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Processing /etc/letsencrypt/renewal/<domain.com>.conf
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Account registered.
  Simulating renewal of an existing certificate for <domain.com> and <*.domain.com>
  Waiting 10 seconds for DNS changes to propagate
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/<domain.com>/fullchain.pem (success)
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  ```
- Reload nginx to apply the new certificate (optional)
  ```bash
  systemctl reload nginx
  ```
- Validate the certbot timer
  ```bash
  systemctl list-timers | grep certbot
  ```
  Results:
  ```
  Tue 2024-11-05 02:22:10 UTC 3h 21min Mon 2024-11-04 17:16:51 UTC 5h 43min ago certbot.timer certbot.service
  ```
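
The credentials file created in the steps above holds a Cloudflare API token in plain text, so it is worth auditing after setup and after any later edit. The following is an added example, not part of the original guide: a shell function (the name `audit_cf_credentials` is hypothetical) that checks the file is a regular file with no group/other permission bits, that it uses `dns_cloudflare_api_token` rather than the plugin's legacy global-key setting `dns_cloudflare_api_key`, and that the `<api key>` placeholder has been replaced.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. The function name and
# messages are illustrative. Usage after sourcing this file:
#   audit_cf_credentials /etc/letsencrypt/cloudflare.ini

audit_cf_credentials() {
    local file="$1" mode rc=0

    # Refuse symlinks so the check cannot be pointed at a different file.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing, not a regular file, or a symlink"
        return 1
    fi

    # Octal mode: GNU stat first (Debian/Ubuntu), BSD stat as a fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    # Any group/other bit means other local users could read the token.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode is too open; run: chmod 600 $file"
        rc=1
    fi

    # The legacy global API key is not scoped; a token should be used instead.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "FAIL: global API key configured; use dns_cloudflare_api_token"
        rc=1
    fi

    # Require a token value that is non-empty and not the <...> placeholder.
    if ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]<]' "$file"; then
        echo "FAIL: dns_cloudflare_api_token is unset or still a placeholder"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file"
    fi
    return "$rc"
}
```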