From e9fb0df2696aafb74ac4a52b335b3d6ce0f97354 Mon Sep 17 00:00:00 2001
From: allan
Date: Thu, 23 Oct 2025 15:48:47 +0200
Subject: [PATCH] initial commit
---
 LICENSE | 21 ++++++++
 README.md | 138 +++++++++++++++++++++++++++++++++++++++++++++++++
 certbotinstall | 106 +++++++++++++++++++++++++++++++++++++
 last-tested | 4 ++
 4 files changed, 269 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100755 certbotinstall
 create mode 100644 last-tested
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3eaaa81
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f15ab3a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,138 @@
+# Certbot for Ubuntu 24.04 Server
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Automated Bash installer script for deploying **Certbot** with **Cloudflare DNS challenge** support on Ubuntu 24.04.
+
+> **NOTE**
+> Although commonly used for web servers such as Nginx or Apache, this script works with any service that requires TLS certificates.
+
+### Prerequisites
+A Cloudflare API key with **Zone:DNS:Edit** permission for the zone you need a certificate for. See the article [here](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) for detailed information.
+
+### Preparing
+Update your package index before running the installer:
+
+```
+sudo apt update -y
+```
+
+### Download the Script
+Clone the repository from your Git server:
+
+```
+git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
+```
+
+```
+cd certbot-ubuntu
+```
+
+### Usage
+Run the script using:
+
+```
+sudo ./certbotinstall [-p]
+```
+
+### Example
+```
+sudo ./certbotinstall -p 1234567890abcdef1234567
+```
+
+### Post-install
+Nothing to do.
+
+### Examples
+
+### Creating a new certificate with Nginx hook
+```
+sudo certbot certonly -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
+```
+
+### Creating a wildcard certificate with Nginx hook
+```
+sudo certbot certonly -d *.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
+```
+
+### Delete a certificate
+List all certificates:
+```bash
+sudo certbot certificates
+```
+
+Example output:
+```
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Found the following certs:
+ Certificate Name: example.com
+ Serial Number: 4fac2132bca56b1ce808116378450ed5197
+ Key Type: RSA
+ Domains: example.com sub1.example.com sub2.example.com sub3.example.com
+ Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
+ Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
+ Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+```
+
+Delete `example.com`:
+```
+sudo certbot delete --cert-name example.com
+```
+
+### Adding a subdomain or domain to a certificate
+To add a subdomain, expand the current certificate with the new subdomain. This means including all the existing domains, then expanding with the new subdomain.
+
+Example (adding sub1.example.com):
+```
+sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
+```
+
+> **NOTE**
+> Best practice is to delete the current certificate and request a new one with all domains and subdomains.
+
+### Modify a certificate
+List all certificates:
+```
+sudo certbot certificates
+```
+
+Example output:
+```
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Found the following certs:
+ Certificate Name: example.com
+ Serial Number: 4fac2132bca56b1ce808116378450ed5197
+ Key Type: RSA
+ Domains: example.com sub1.example.com sub2.example.com sub3.example.com
+ Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
+ Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
+ Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+```
+
+To remove `sub2.example.com`, run:
+```
+sudo certbot --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com
+```
+
+This will reissue the certificate for example.com, sub1.example.com, and sub3.example.com, leaving out sub2.example.com.
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---
diff --git a/certbotinstall b/certbotinstall
new file mode 100755
index 0000000..a5bc93f
--- /dev/null
+++ b/certbotinstall
@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+# Author : Allan Christensen
+# First Created : 08042022 (DD-MM-YYYY)
+# Description : Installs Certbot with Cloudflare and Dns Challenge on Ubuntu 24.04
+# License : MIT License (see LICENSE file for details)
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit ; fi
+
+#
+# If snap is not installed then die
+#
+if ! command -v snap >/dev/null 2>&1; then echo "ERROR: snap is not installed aborting" ; exit 1 ; fi
+
+#
+# Function usage
+#
+usage () {
+printf -- "\ncertbotinstall\n\n"
+printf -- "Note: Must be run as root or using sudo\n\n"
+printf -- "Usage:\n"
+printf -- "sudo ./certbotinstall [-p] \n"
+printf -- " [-h] \n\n"
+printf -- "Examples:\n"
+printf -- "sudo ./certbotinstall -p 1234AkkbdceewEFJK\n\n"
+}
+
+#
+# Let's go
+#
+clear
+
+#
+# Check if no arguments were given
+#
+if [[ $# -eq 0 ]]; then usage; exit 1; fi
+
+#
+# Manual argument parsing
+#
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ -p)
+ shift
+ if [[ -z "$1" ]]; then
+ usage
+ printf "ERROR: API TOKEN CANNOT BE EMPTY!\n\n"
+ exit 1
+ fi
+ apitoken="$1"
+
+ # Validate token at least 20 chars alphanum + - _
+ if [[ ! "$apitoken" =~ ^[A-Za-z0-9_-]{20,}$ ]]; then
+ echo "ERROR: API token format seems invalid."
+ echo "Cloudflare API tokens are usually long strings with letters, numbers, - and _."
+ exit 1
+ fi
+
+ shift
+ ;;
+ -h)
+ usage
+ exit 0
+ ;;
+ *)
+ usage
+ printf "\nType: sudo %s -h for help\n\n" "$0"
+ exit 1
+ ;;
+ esac
+done
+
+#
+# Install Certbot
+#
+snap install core && snap refresh core
+snap install --classic certbot
+ln -sf /snap/bin/certbot /usr/bin/certbot
+
+#
+# Install Cloudflare plugin
+#
+snap set certbot trust-plugin-with-root=ok
+snap install certbot-dns-cloudflare
+
+#
+# Create the directory and the file that will store the api token
+#
+mkdir -p /etc/letsencrypt
+cat > /etc/letsencrypt/dnscloudflare.ini <