Want more timely Centmin Mod News Updates?
Become a Member

Letsencrypt Cloudflare Get Free Letsencrypt SSL Certificates via Cloudflare DNS API Domain Verification

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Apr 12, 2022.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    48,440
    11,102
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,281
    Local Time:
    7:38 PM
    Nginx 1.21.x
    MariaDB 10.x
    Instead of default webroot URL authentication, addons/acmetool.sh also now supports full Cloudflare DNS API domain validation for Letsencrypt SSL certificate issuance that can be optionally enabled variables for Cloudflare API Token is set in persistent config file at /etc/centminmod/custom_config.inc. Existing users need to run cmupdate command to get updated addons/acmetool.sh. Then add these 3 variables to their persistent config file at /etc/centminmod/custom_config.inc - create the file if it doesn't already exist.
    Code (Text):
    CF_DNSAPI_GLOBAL='y'
    CF_Token="YOUR_CF_TOKEN"
    CF_Account_ID="YOUR_CF_ACCOUNT_ID"


    Cloudflare API Tokens, requires you to create your Cloudflare Token API with permissions for read access to Zone.Zone, and edit/write access to Zone.DNS, across all Zones at https://dash.cloudflare.com/profile/api-tokens and to grab your Cloudflare Account ID from any of your Cloudflare domain's main dashboard's right side column listing.

    cf-zone-id-account-id-01.png


    cf-api-tokens-acme.sh-dns-00.png

    You can also lock down the Cloudflare API Token using Client IP Address Filtering, so when you create the Cloudflare API Token, you can list your domain's IPv4 and if applicable IPv6 server IP address. This will only allow the Cloudflare API Token you created to work on that specific server(s). If you have more than one server, you'd need to add those servers' IPv4 and IPv6 addresses too.

    Only one Cloudflare Account is supported, so intended domains need to be within same Cloudflare Account unless you have Cloudflare Account with invited administrator access to other Cloudflare Accounts and you can generate the CF API Token to include access to the other Cloudflare Accounts.
     
    Last edited: Apr 12, 2022
Thread Status:
Not open for further replies.