From 528e293a3741470cfadb5b0d40e6a650556f9893 Mon Sep 17 00:00:00 2001
From: allan
Date: Fri, 19 Dec 2025 15:44:13 +0100
Subject: [PATCH] latest commit
---
 LICENSE | 21 ++++++++
 README.md | 137 +++++++++++++++++++++++++++++++++++++++++++++++++
 certbotinstall | 114 ++++++++++++++++++++++++++++++++++++++++
 last-tested | 4 ++
 4 files changed, 276 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100755 certbotinstall
 create mode 100644 last-tested
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3eaaa81
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..eef7746
--- /dev/null
+++ b/README.md
@@ -0,0 +1,137 @@
+# Certbot with Cloudflare DNS for Ubuntu 24.04
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Install Certbot using Cloudflare DNS validation on Ubuntu 24.04 server.
+
+This is not a test environment and not a casual demo.
+This is a production-grade installer built to issue and renew certificates reliably — including wildcards.
+
+## Why this installer exists
+DNS-01 validation is simpler and more flexible than HTTP-01 — especially for wildcard certificates and multi-host setups.
+
+## What this installer does
+✔ Automates DNS-01 via Cloudflare
+✔ Supports wildcard certificates
+✔ Optional Nginx reload hook
+✔ Ideal for multi-site deployments
+
+## What this installer does *NOT* do
+It won’t stop you from running the script without reading the documentation like there’s no tomorrow.
+Skip the README, and whatever happens next is your headache, not a bug report.
+
+---
+
+## Requirements
+
+### You need:
+
+✔ A Cloudflare API key with DNS:Edit permissions
+✔ A domain pointing to Cloudflare
+
+Guide if needed:
+[Certbot Cloudflare](https://certbot-dns-cloudflare.readthedocs.io/)
+
+---
+
+## 1. Download
+
+```
+git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
+```
+
+```
+cd certbot-ubuntu
+```
+
+---
+
+## 2. Run the installer
+
+```
+sudo ./certbotinstall [-p] 
+```
+
+Example:
+
+```
+sudo ./certbotinstall -p 1234567890abcdef123456abcd
+```
+
+After installation, certbot is ready to issue certificates immediately.
+
+---
+
+## 3. Issue Certificates
+
+### Standard certificate + Nginx reload
+
+```
+sudo certbot certonly -d example.com -d www.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email admin@example.com --dns-cloudflare-propagation-seconds 30
+```
+
+---
+
+### Wildcard (includes all subdomains)
+
+```
+sudo certbot certonly -d *.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email admin@example.com --dns-cloudflare-propagation-seconds 30
+```
+
+Wildcard = **ideal for multi-site hosting**.
+
+---
+
+## Certificate Management
+
+### List certificates
+```
+sudo certbot certificates
+```
+
+### Delete certificate
+```
+sudo certbot delete --cert-name example.com
+```
+
+---
+
+## Add new subdomain to existing cert
+
+```
+sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
+```
+
+### Best practice:
+If many domains change → reissue instead of modifying.
+
+---
+
+### Modify/Remove domains
+
+List existing:
+
+```
+sudo certbot certificates
+```
+
+Reissue without `sub2.example.com`:
+
+```
+sudo certbot --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com
+```
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---
diff --git a/certbotinstall b/certbotinstall
new file mode 100755
index 0000000..e0789a1
--- /dev/null
+++ b/certbotinstall
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+
+# Author : Allan Christensen
+# First Created : 08-04-2022 (DD-MM-YYYY)
+# Description : Installs Certbot with Cloudflare and DNS Challenge on Ubuntu 24.04
+# License : MIT License
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# If snapd is not installed or not working then die
+#
+if ! timeout 2 snap version >/dev/null 2>&1; then echo "ERROR: snapd is not installed or not working — aborting..." ; exit 1 ; fi
+
+#
+# Function usage
+#
+usage () {
+printf -- "\ncertbotinstall\n\n"
+printf -- "Note: Must be run as root or with sudo\n\n"
+printf -- "Usage:\n"
+printf -- "sudo ./certbotinstall [-p] \n"
+printf -- " [-h] \n\n"
+printf -- "Examples:\n"
+printf -- "sudo ./certbotinstall -p 1234AkkbdceewEFJK\n\n"
+}
+
+#
+# Let's go
+#
+clear
+
+
+#
+# Check if no arguments were given
+#
+if [[ $# -eq 0 ]]; then usage; exit 1; fi
+
+#
+# Manual argument parsing
+#
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ -p)
+ shift
+ if [[ -z "$1" ]]; then
+ usage
+ printf "ERROR: API token cannot be empty!\n\n"
+ exit 1
+ fi
+ apitoken="$1"
+
+ #
+ # Validate Cloudflare API token format
+ #
+ if [[ "$apitoken" =~ [[:space:]] ]]; then
+ printf "\nERROR: API token cannot contain spaces or line breaks.\n\n"
+ exit 1
+ fi
+
+ if [[ ! "$apitoken" =~ ^[A-Za-z0-9_-]{20,120}$ ]]; then
+ printf "\nERROR: Invalid API token format.\n"
+ printf "Expected 20-120 characters (A-Z, a-z, 0-9, - or _).\n\n"
+ exit 1
+ fi
+
+ shift
+ ;;
+ -h)
+ usage
+ exit 0
+ ;;
+ *)
+ usage
+ printf "\nType: sudo %s -h for help\n\n" "$0"
+ exit 1
+ ;;
+ esac
+done
+
+#
+# Install Certbot
+#
+snap install core && snap refresh core
+snap install --classic certbot
+ln -sf /snap/bin/certbot /usr/bin/certbot
+
+#
+# Install Cloudflare plugin
+#
+snap set certbot trust-plugin-with-root=ok
+snap install certbot-dns-cloudflare
+
+#
+# Create the directory and the file that will store the API token
+#
+mkdir -p /etc/letsencrypt
+cat > /etc/letsencrypt/dnscloudflare.ini <