# Certbot with Cloudflare DNS for Ubuntu 24.04

[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#) [![Shell](https://img.shields.io/badge/shell-bash-121011)](#) [![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#) [![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)

Install Certbot using Cloudflare DNS validation on an Ubuntu 24.04 server.

This is not a test environment and not a casual demo. This is a production-grade installer built to issue and renew certificates reliably, including wildcards.

## Why this installer exists

DNS-01 validation is simpler and more flexible than HTTP-01, especially for wildcard certificates and multi-host setups.

## What this installer does

✔ Automates DNS-01 via Cloudflare  
✔ Supports wildcard certificates  
✔ Optional Nginx reload hook  
✔ Ideal for multi-site deployments

## What this installer does *NOT* do

It won’t stop you from running the script without reading the documentation like there’s no tomorrow. Skip the README, and whatever happens next is your headache, not a bug report.

---

## Requirements

### You need:

✔ A Cloudflare API key with DNS:Edit permissions  
✔ A domain pointing to Cloudflare

Guide if needed: [Certbot Cloudflare](https://certbot-dns-cloudflare.readthedocs.io/)

---

## 1. Download

```
git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
```

```
cd certbot-ubuntu
```

---

## 2. Run the installer

```
sudo ./certbotinstall [-p]
```

Example:

```
sudo ./certbotinstall -p 1234567890abcdef123456abcd
```

After installation, certbot is ready to issue certificates immediately.

---

## 3. Issue Certificates

### Standard certificate + Nginx reload

```
sudo certbot certonly -d example.com -d www.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
  --post-hook "service nginx reload" \
  --non-interactive --agree-tos --email admin@example.com \
  --dns-cloudflare-propagation-seconds 30
```

---

### Wildcard (includes all subdomains)

The wildcard name is quoted so the shell passes it to certbot unchanged instead of treating `*` as a filename pattern.

```
sudo certbot certonly -d '*.example.com' \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
  --post-hook "service nginx reload" \
  --non-interactive --agree-tos --email admin@example.com \
  --dns-cloudflare-propagation-seconds 30
```

Wildcard = **ideal for multi-site hosting**.

---

## Certificate Management

### List certificates

```
sudo certbot certificates
```

### Delete certificate

```
sudo certbot delete --cert-name example.com
```

---

## Add new subdomain to existing cert

```
sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```

### Best practice:

If many domains change → reissue instead of modifying.

---

### Modify/Remove domains

List existing:

```
sudo certbot certificates
```

Reissue without `sub2.example.com`:

```
sudo certbot certonly --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```

---

### More Information

More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)

---

### License

Licensed under the [MIT License](./LICENSE).

---
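
Every certbot command above reads the Cloudflare credential from `/etc/letsencrypt/dnscloudflare.ini`, so that file's mode, owner and contents decide who on the host can edit the zone's DNS. The check below is an added example, not part of this installer; it assumes GNU `stat` (as on Ubuntu) and the key names documented by the certbot-dns-cloudflare plugin (`dns_cloudflare_api_token`, `dns_cloudflare_api_key`), and the function name and `--check` switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the certbot-dns-cloudflare credentials file.
# Assumptions: GNU stat (Ubuntu); key names from the plugin's documentation.
# Args: $1 = file (default: the path used in this README)
#       $2 = expected owner uid (default: 0, i.e. root)
# Returns: 0 = no failures, 1 = at least one failure, 2 = file missing

audit_cf_credentials() {
    local file="${1:-/etc/letsencrypt/dnscloudflare.ini}"
    local want_uid="${2:-0}"
    local rc=0
    local mode uid

    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found"
        return 2
    fi

    # Any group/other bit lets other local accounts read the credential.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        600|400) echo "OK: mode $mode" ;;
        *) echo "FAIL: mode $mode, expected 600 (fix: chmod 600 $file)"; rc=1 ;;
    esac

    uid=$(stat -c '%u' "$file")
    if [ "$uid" = "$want_uid" ]; then
        echo "OK: owner uid $uid"
    else
        echo "FAIL: owner uid $uid, expected $want_uid"; rc=1
    fi

    # A scoped token limits damage if the file leaks; the global key does not.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$file"; then
        echo "OK: scoped API token configured"
    elif grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "WARN: global API key configured; prefer a token limited to Zone:DNS:Edit"
    else
        echo "FAIL: no dns_cloudflare_api_token or dns_cloudflare_api_key entry"; rc=1
    fi

    return "$rc"
}

# Run the audit only when asked, e.g.: sudo bash audit.sh --check
if [ "${1:-}" = "--check" ]; then
    audit_cf_credentials
fi
```

Running it after the installer and again after any manual edit of the credentials file catches a loosened mode before the next renewal does.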