# Certbot for Ubuntu 24.04 Server

[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)

Automated Bash installer script for deploying **Certbot** with **Cloudflare DNS challenge** support on Ubuntu 24.04.

> **NOTE**
> Although commonly used for web servers such as Nginx or Apache, this script works with any service that requires TLS certificates.

### Prerequisites

A Cloudflare API key with **Zone:DNS:Edit** permission for the zone you need a certificate for. See the article [here](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) for detailed information.

### Preparing

Update your package index before running the installer:

```
sudo apt update -y
```

### Download the Script

Clone the repository from your Git server:

```
git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
```

```
cd certbot-ubuntu
```

### Usage

Run the script using:

```
sudo ./certbotinstall [-p]
```

### Example

```
sudo ./certbotinstall -p 1234567890abcdef1234567
```

### Post-install

Nothing to do.

### Examples

### Creating a new certificate with Nginx hook

```
sudo certbot certonly -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
```

### Creating a wildcard certificate with Nginx hook

The wildcard name is quoted so the shell does not expand `*` against files in the current directory.

```
sudo certbot certonly -d '*.example.com' --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
```

### Delete a certificate

List all certificates:

```bash
sudo certbot certificates
```

Example output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: example.com
    Serial Number: 4fac2132bca56b1ce808116378450ed5197
    Key Type: RSA
    Domains: example.com sub1.example.com sub2.example.com sub3.example.com
    Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```

Delete `example.com`:

```
sudo certbot delete --cert-name example.com
```

### Adding a subdomain or domain to a certificate

To add a subdomain, expand the current certificate with the new subdomain. This means listing all the existing domains and then adding the new subdomain.

Example (adding sub1.example.com):

```
sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```

> **NOTE**
> Best practice is to delete the current certificate and request a new one with all domains and subdomains.

### Modify a certificate

List all certificates:

```
sudo certbot certificates
```

Example output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: example.com
    Serial Number: 4fac2132bca56b1ce808116378450ed5197
    Key Type: RSA
    Domains: example.com sub1.example.com sub2.example.com sub3.example.com
    Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```

To remove `sub2.example.com`, run:

```
sudo certbot certonly --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```

This will reissue the certificate for example.com, sub1.example.com, and sub3.example.com, leaving out sub2.example.com.

---

### More Information

More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)

---

### License

Licensed under the [MIT License](./LICENSE).

---
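Both "Adding a subdomain or domain to a certificate" and "Modify a certificate" require retyping every name that should remain on the certificate, and a name missed by hand silently drops off the reissued certificate. The helper below is an added example, not part of this repository's installer: it builds the full `-d` list from `certbot certificates` output. The function name `domain_args` and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: derive the complete -d list needed to reissue a certificate.

# Constructed sample in the format printed by `sudo certbot certificates`.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com sub1.example.com sub2.example.com sub3.example.com
  Certificate Name: example.org
    Domains: example.org'

# domain_args CERT_NAME add|remove DOMAIN   (hypothetical helper name)
# Reads `certbot certificates` output on stdin and prints "-d a -d b ...".
# Exit codes: 1 unknown certificate, 2 domain not on certificate, 3 empty list.
domain_args() {
  local cert="$1" action="$2" target="$3"
  awk -v cert="$cert" -v action="$action" -v target="$target" '
    # Track which certificate block we are inside.
    $1 == "Certificate" && $2 == "Name:" { in_cert = ($3 == cert); next }
    in_cert && $1 == "Domains:" {
      found = 1
      for (i = 2; i <= NF; i++) {
        if ($i == target) {
          seen = 1
          if (action == "remove") continue   # drop the unwanted name
        }
        out = out (out ? " " : "") "-d " $i
      }
      # Append the new name only if it is not already covered.
      if (action == "add" && !seen) out = out (out ? " " : "") "-d " target
    }
    END {
      if (!found) { print "no certificate named " cert > "/dev/stderr"; exit 1 }
      if (action == "remove" && !seen) { print target " is not on " cert > "/dev/stderr"; exit 2 }
      if (out == "") { print "refusing to build an empty domain list" > "/dev/stderr"; exit 3 }
      print out
    }'
}

# Demo on the constructed sample: drop sub2.example.com from example.com.
printf '%s\n' "$SAMPLE_OUTPUT" | domain_args example.com remove sub2.example.com
```

On a real host, pipe `sudo certbot certificates` into the function instead of the sample, and quote any wildcard name when pasting the result into a `certbot certonly` command.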