Certbot for Ubuntu 24.04 Server
Automated Bash installer script for deploying Certbot with Cloudflare DNS challenge support on Ubuntu 24.04.
Note
Although commonly used for web servers such as Nginx or Apache, this script works with any service that requires TLS certificates.
Prerequisites
A Cloudflare API key with Zone:DNS:Edit permission for the zone you need a certificate for. See the article here for detailed information.
Preparing
Update your package index before running the installer:
sudo apt update -y
Download the Script
Clone the repository from your Git server:
git clone https://git.x-files.dk/server-general/certbot-ubuntu.git
Usage
Run the script to install and configure Certbot with the Cloudflare DNS plugin:
cd certbot-ubuntu
sudo ./certbotinstall [-p] <Cloudflare API Key>
Example
sudo ./certbotinstall -p 1234567890abcdef1234567
Post-install
Nothing to do.
Examples
Creating a new certificate with Nginx hook
sudo certbot certonly -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
Creating a wildcard certificate with Nginx hook
sudo certbot certonly -d "*.example.com" --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
Delete a certificate
List all certificates:
sudo certbot certificates
Example output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 4fac2132bca56b1ce808116378450ed5197
Key Type: RSA
Domains: example.com sub1.example.com sub2.example.com sub3.example.com
Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Delete example.com:
sudo certbot delete --cert-name example.com
Adding a subdomain or domain to a certificate
To add a subdomain, expand the current certificate with the new subdomain. This means including all the existing domains, then expanding with the new subdomain.
Example (adding sub1.example.com):
sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
Note
Best practice is to delete the current certificate and request a new one with all domains and subdomains.
Modify a certificate
List all certificates:
sudo certbot certificates
Example output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 4fac2132bca56b1ce808116378450ed5197
Key Type: RSA
Domains: example.com sub1.example.com sub2.example.com sub3.example.com
Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To remove sub2.example.com, run:
sudo certbot certonly --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
This will reissue the certificate for example.com, sub1.example.com, and sub3.example.com, leaving out sub2.example.com.
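Both the expand and the removal commands above depend on retyping the complete domain list by hand, and a name left out is silently dropped from the reissued certificate. The following added example (not part of this repository's installer) builds the -d list from `certbot certificates` output instead; the function names domains_for and d_args and the +name/-name syntax are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not part of the installer). Sample text below is the page's
# example `certbot certificates` output, reused as constructed test input.
SAMPLE='Found the following certs:
  Certificate Name: example.com
    Key Type: RSA
    Domains: example.com sub1.example.com sub2.example.com sub3.example.com
    Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)'

# domains_for CERT: read `certbot certificates` output on stdin and print the
# names on that certificate's "Domains:" line, one per line.
domains_for() {
    awk -v want="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == want  { for (i = 2; i <= NF; i++) print $i }'
}

# d_args CERT [+name | -name]...: print the complete "-d" list for a reissue:
# every name already on CERT, minus each -name, plus each +name.
d_args() {
    da_cert=$1; shift
    da_list=$(domains_for "$da_cert")
    [ -n "$da_list" ] || { echo "no certificate named $da_cert" >&2; return 1; }
    for da_op in "$@"; do
        da_name=${da_op#[+-]}
        case $da_op in
            +*) da_list=$(printf '%s\n%s\n' "$da_list" "$da_name") ;;
            -*) # A mistyped name must fail, not silently stay on the certificate.
                printf '%s\n' "$da_list" | grep -qxF -- "$da_name" ||
                    { echo "$da_name is not on $da_cert" >&2; return 2; }
                da_list=$(printf '%s\n' "$da_list" | grep -vxF -- "$da_name" || true) ;;
            *)  echo "expected +name or -name, got $da_op" >&2; return 2 ;;
        esac
    done
    [ -n "$da_list" ] || { echo "refusing to drop every name" >&2; return 3; }
    # Deduplicate while keeping order, then join as "-d a -d b ...".
    printf '%s\n' "$da_list" | awk '!seen[$0]++ { printf "%s-d %s", sep, $0; sep = " " }
                                    END { print "" }'
}

# Demo on the sample: add sub4, drop sub2.
printf '%s\n' "$SAMPLE" | d_args example.com +sub4.example.com -sub2.example.com
```

On a server, pipe the live output of `sudo certbot certificates` into d_args and review the printed list before pasting it into the certonly command.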
More Information
More guides and documentation can be found on wiki.x-files.dk
License
Licensed under the MIT License.