webserver/certbot-ubuntu

Fork 0

Go to file

allan 6f4dcc5238 minor readability changes

2025-11-28 14:03:35 +01:00

certbotinstall

Applied SPDX-License-Identifier: MIT across repository

2025-11-26 15:40:46 +01:00

last-tested

last tested

2025-11-19 17:23:57 +01:00

LICENSE

initial commit

2025-10-23 15:48:47 +02:00

README.md

minor readability changes

2025-11-28 14:03:35 +01:00

README.md

Certbot with Cloudflare DNS on Ubuntu 24.04

Automated installer for Certbot + Cloudflare DNS challenge on Ubuntu 24.04.

This setup issues HTTPS certificates without exposing ports 80/443,
making it perfect for Nginx, Gitea, DokuWiki, WordPress, mail servers — anything.

Production use ready. No click-through wizard nonsense.

Requirements

You need:

✔ A Cloudflare API key with DNS:Edit permissions
✔ A domain pointing to Cloudflare

Guide if needed:
https://certbot-dns-cloudflare.readthedocs.io/

1. Download

git clone https://git.x-files.dk/webserver/certbot-ubuntu.git

cd certbot-ubuntu

2. Run the installer

sudo ./certbotinstall [-p] <Cloudflare API Key>

Example:

sudo ./certbotinstall -p 1234567890abcdef123456abcd

After installation, certbot is ready to issue certificates immediately.

3. Issue Certificates

Standard certificate + Nginx reload

sudo certbot certonly   -d example.com -d www.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini   --post-hook "service nginx reload"   --non-interactive --agree-tos   --email admin@example.com   --dns-cloudflare-propagation-seconds 30

Wildcard (includes all subdomains)

sudo certbot certonly   -d *.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini   --post-hook "service nginx reload"   --non-interactive --agree-tos   --email admin@example.com   --dns-cloudflare-propagation-seconds 30

Wildcard = ideal for multi-site hosting.

Certificate Management

List certificates

sudo certbot certificates

Delete certificate

sudo certbot delete --cert-name example.com

Add new subdomain to existing cert

sudo certbot certonly --expand   -d example.com -d www.example.com -d sub1.example.com   --dns-cloudflare   --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini

Best practice:

If many domains change → reissue instead of modifying.

Modify/Remove domains

List existing:

sudo certbot certificates

Reissue without sub2.example.com:

sudo certbot --cert-name example.com   -d example.com -d sub1.example.com -d sub3.example.com

More Information

More guides and documentation can be found on wiki.x-files.dk

License

Licensed under the MIT License.