2025-11-19 17:23:57 +01:00
2025-10-23 15:48:47 +02:00

Certbot with Cloudflare DNS on Ubuntu 24.04


Automated installer for Certbot + Cloudflare DNS challenge on Ubuntu 24.04.

This setup issues HTTPS certificates without exposing ports 80/443,
making it perfect for Nginx, Gitea, DokuWiki, WordPress, mail servers — anything.

Production-ready. No click-through wizard nonsense.


Requirements

You need:

✔ A Cloudflare API key with DNS:Edit permissions
✔ A domain whose DNS is managed by Cloudflare

Guide if needed:
https://certbot-dns-cloudflare.readthedocs.io/


1. Download

git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
cd certbot-ubuntu

2. Run the installer

sudo ./certbotinstall [-p] <Cloudflare API Key>

Example:

sudo ./certbotinstall -p 1234567890abcdef123456abcd

After installation, certbot is ready to issue certificates immediately.
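
A check worth running between installation and first issuance: the credentials file that the commands on this page pass to --dns-cloudflare-credentials (/etc/letsencrypt/dnscloudflare.ini) should be readable by root only and should hold a scoped API token rather than the Global API Key. This is an added example, not part of the certbot-ubuntu repository; the function name audit_cf_credentials is hypothetical, the key names dns_cloudflare_api_token and dns_cloudflare_api_key are the ones documented by the certbot-dns-cloudflare plugin, and what the installer itself writes into the file is not shown on this page.

```bash
#!/usr/bin/env bash
# Added example: audit the Certbot Cloudflare credentials file.
# Usage: sudo bash audit.sh /etc/letsencrypt/dnscloudflare.ini
# Returns 0 = clean, 1 = findings, 2 = file missing.
# Assumes GNU stat (as on Ubuntu). expected_uid defaults to 0 (root).
audit_cf_credentials() {
    local file="$1" expected_uid="${2:-0}" findings=0 mode uid

    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # Group/other bits must all be clear (e.g. 600 or 400); anything else lets
    # other local accounts read a credential that can rewrite DNS records.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        0|*00) ;;
        *) echo "PERMS: mode $mode on $file, run: chmod 600 $file"; findings=1 ;;
    esac

    uid=$(stat -c '%u' "$file")
    if [ "$uid" != "$expected_uid" ]; then
        echo "OWNER: uid $uid owns $file, expected uid $expected_uid"
        findings=1
    fi

    # Key names are those documented by the certbot-dns-cloudflare plugin.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "GLOBAL-KEY: Global API Key in use; switch to a token limited to Zone:DNS:Edit"
        findings=1
    elif ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$file"; then
        echo "NO-CREDENTIAL: no dns_cloudflare_api_token entry found"
        findings=1
    fi

    return "$findings"
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_cf_credentials "$@"
fi
```

The non-zero return on findings makes the function usable as a gate in a provisioning script, before any certbot certonly call.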


3. Issue Certificates

Standard certificate + Nginx reload

sudo certbot certonly \
  -d example.com -d www.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
  --post-hook "service nginx reload" \
  --non-interactive --agree-tos \
  --email admin@example.com \
  --dns-cloudflare-propagation-seconds 30

Wildcard (includes all subdomains)

sudo certbot certonly \
  -d '*.example.com' \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
  --post-hook "service nginx reload" \
  --non-interactive --agree-tos \
  --email admin@example.com \
  --dns-cloudflare-propagation-seconds 30

Wildcard = ideal for multi-site hosting.


Certificate Management

List certificates

sudo certbot certificates

Delete certificate

sudo certbot delete --cert-name example.com

Add new subdomain to existing cert

sudo certbot certonly --expand \
  -d example.com -d www.example.com -d sub1.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini

Best practice:

If many domains change → reissue instead of modifying.


Modify/Remove domains

List existing:

sudo certbot certificates

Reissue without sub2.example.com:

sudo certbot certonly --cert-name example.com \
  -d example.com -d sub1.example.com -d sub3.example.com \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini

More Information

More guides and documentation can be found on wiki.x-files.dk


License

Licensed under the MIT License.

