latest commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,137 @@
+# Certbot with Cloudflare DNS for Ubuntu 24.04
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Install Certbot using Cloudflare DNS validation on Ubuntu 24.04 server.
+
+This is not a test environment and not a casual demo.  
+This is a production-grade installer built to issue and renew certificates reliably — including wildcards.
+
+## Why this installer exists
+DNS-01 validation is simpler and more flexible than HTTP-01 — especially for wildcard certificates and multi-host setups.
+
+## What this installer does  
+✔ Automates DNS-01 via Cloudflare  
+✔ Supports wildcard certificates  
+✔ Optional Nginx reload hook  
+✔ Ideal for multi-site deployments  
+
+## What this installer does *NOT* do
+It won’t stop you from running the script without reading the documentation like there’s no tomorrow.  
+Skip the README, and whatever happens next is your headache, not a bug report.
+
+---
+
+## Requirements
+
+### You need:
+
+✔ A Cloudflare API key with DNS:Edit permissions  
+✔ A domain pointing to Cloudflare  
+
+Guide if needed:  
+[Certbot Cloudflare](https://certbot-dns-cloudflare.readthedocs.io/)
+
+---
+
+## 1. Download
+
+```
+git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
+```
+
+```
+cd certbot-ubuntu
+```
+
+---
+
+## 2. Run the installer
+
+```
+sudo ./certbotinstall [-p] <Cloudflare API Key>
+```
+
+Example:
+
+```
+sudo ./certbotinstall -p 1234567890abcdef123456abcd
+```
+
+After installation, certbot is ready to issue certificates immediately.
+
+---
+
+## 3. Issue Certificates
+
+### Standard certificate + Nginx reload
+
+```
+sudo certbot certonly   -d example.com -d www.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini   --post-hook "service nginx reload"   --non-interactive --agree-tos   --email admin@example.com   --dns-cloudflare-propagation-seconds 30
+```
+
+---
+
+### Wildcard (includes all subdomains)
+
+```
+sudo certbot certonly   -d *.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini   --post-hook "service nginx reload"   --non-interactive --agree-tos   --email admin@example.com   --dns-cloudflare-propagation-seconds 30
+```
+
+Wildcard = **ideal for multi-site hosting**.
+
+---
+
+## Certificate Management
+
+### List certificates
+```
+sudo certbot certificates
+```
+
+### Delete certificate
+```
+sudo certbot delete --cert-name example.com
+```
+
+---
+
+## Add new subdomain to existing cert
+
+```
+sudo certbot certonly --expand   -d example.com -d www.example.com -d sub1.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
+```
+
+### Best practice:
+If many domains change → reissue instead of modifying.
+
+---
+
+### Modify/Remove domains
+
+List existing:
+
+```
+sudo certbot certificates
+```
+
+Reissue without `sub2.example.com`:
+
+```
+sudo certbot --cert-name example.com   -d example.com -d sub1.example.com -d sub3.example.com
+```
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---

certbotinstall

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 08-04-2022 (DD-MM-YYYY)
+# Description   : Installs Certbot with Cloudflare and DNS Challenge on Ubuntu 24.04
+# License       : MIT License
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# If snapd is not installed or not working then die
+#
+if ! timeout 2 snap version >/dev/null 2>&1; then echo "ERROR: snapd is not installed or not working — aborting..." ; exit 1 ; fi
+
+#
+# Function usage
+#
+usage () {
+printf -- "\ncertbotinstall\n\n"
+printf -- "Note: Must be run as root or with sudo\n\n"
+printf -- "Usage:\n"
+printf -- "sudo ./certbotinstall [-p] <API Token>\n"
+printf -- "                      [-h] <Show this help screen>\n\n"
+printf -- "Examples:\n"
+printf -- "sudo ./certbotinstall -p 1234AkkbdceewEFJK\n\n"
+}
+
+#
+# Let's go
+#
+clear
+
+
+#
+# Check if no arguments were given
+#
+if [[ $# -eq 0 ]]; then usage; exit 1; fi
+
+#
+# Manual argument parsing
+#
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        -p)
+            shift
+            if [[ -z "$1" ]]; then
+                usage
+                printf "ERROR: API token cannot be empty!\n\n"
+                exit 1
+            fi
+            apitoken="$1"
+
+            #
+            # Validate Cloudflare API token format
+            #
+            if [[ "$apitoken" =~ [[:space:]] ]]; then
+                printf "\nERROR: API token cannot contain spaces or line breaks.\n\n"
+                exit 1
+            fi
+
+	    if [[ ! "$apitoken" =~ ^[A-Za-z0-9_-]{20,120}$ ]]; then
+    	    	printf "\nERROR: Invalid API token format.\n"
+            	printf "Expected 20-120 characters (A-Z, a-z, 0-9, - or _).\n\n"
+            	exit 1
+            fi
+
+            shift
+            ;;
+        -h)
+            usage
+            exit 0
+            ;;
+        *)
+            usage
+            printf "\nType: sudo %s -h for help\n\n" "$0"
+            exit 1
+            ;;
+    esac
+done
+
+#
+# Install Certbot
+#
+snap install core && snap refresh core
+snap install --classic certbot
+ln -sf /snap/bin/certbot /usr/bin/certbot
+
+#
+# Install Cloudflare plugin 
+#
+snap set certbot trust-plugin-with-root=ok
+snap install certbot-dns-cloudflare
+
+#
+# Create the directory and the file that will store the API token
+#
+mkdir -p /etc/letsencrypt
+cat > /etc/letsencrypt/dnscloudflare.ini <<EOT
+# Cloudflare API token used by Certbot
+dns_cloudflare_api_token = $apitoken
+EOT
+chmod 0600 /etc/letsencrypt/dnscloudflare.ini
+
+#
+# All done
+#
+printf "\nAll Done...\n\n"
+
+#
+# End of script
+#

last-tested

@@ -0,0 +1,4 @@
+------------------------------------
+Last tested: 19-12-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+------------------------------------