Learn how to use a Cloudflare API token for Let’s Encrypt validation.
How to use a Cloudflare API Token for LetsEncrypt Validation
Managing SSL certificates can be a difficult task. But the process becomes smoother with Cloudflare API tokens and Let’s Encrypt.
Let’s Encrypt offers free SSL certificates, while Cloudflare makes it easy to obtain and install them on our website.
Today, we will walk through integrating Let’s Encrypt with Cloudflare using API tokens.
Why Cloudflare API Tokens?
Cloudflare API tokens offer a secure way to manage your DNS records, which is essential for validating Let’s Encrypt certificates through DNS. API keys also work, but tokens provide more granular control and security.
Step-by-Step Guide
- Before we dive into the installation, make sure the installed Python modules and the `certbot` version meet the minimum requirements for using API tokens for Cloudflare DNS validation. If they do not, we have to install `certbot` and its dependencies manually.
- We can install `certbot` directly from Python’s package repository using `pip`.
```
sudo apt install python3-pip -y
```
- Next, install `certbot` and the Cloudflare module:
```
sudo python3 -m pip install certbot certbot-dns-cloudflare
```
- Until `pip` provides a newer version of `python-cloudflare`, we have to install it from the source. Here’s how:
```
git clone https://github.com/cloudflare/python-cloudflare
cd python-cloudflare
python3 setup.py build
sudo python3 setup.py install
pip3 freeze | grep cloudflare
```
After running these commands, we should have version 2.8.13 of `cloudflare` and 1.8.0 of `certbot-dns-cloudflare`.
- Then, create an INI file for the API token. Store the INI file in a secure location, where only the root user can read it. Here’s how to create the file:
```
TOKEN="PutYourApiTokenHere"
# Create the file with mode 600 first, so the token is never world-readable
sudo install -m 600 /dev/null /root/cf-api-token.ini
echo "dns_cloudflare_api_token = ${TOKEN}" | sudo tee /root/cf-api-token.ini > /dev/null
```
Make sure the file looks like this, all on one line:
```
dns_cloudflare_api_token = PutYourApiTokenHere
```
- Next, run the following command to validate and obtain an SSL certificate:
```
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/cf-api-token.ini -d ourdomain.com
```
If successful, our new certificates will be in the `/etc/letsencrypt/live` directory.
After the above steps, we can manually move or link the certificates to the application. Furthermore, we can create hooks to automate this process.
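A pre-flight check for the credentials file created above, as an added example that is not part of the original guide or of certbot: the function name `check_cf_credentials` and its messages are hypothetical, and it assumes GNU `stat` as found on the Debian/Ubuntu systems the guide targets. It confirms that only the owner can read the file, that it holds exactly one `dns_cloudflare_api_token` line, and that no global API key (`dns_cloudflare_api_key` / `dns_cloudflare_email`) is stored beside it.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of certbot).
# Usage: check_cf_credentials FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Assumes GNU stat. Returns 0 when the file passes every check, 1 otherwise.

check_cf_credentials() {
    local file="$1" want_uid="${2:-0}" mode uid rc=0

    # Must be a regular file, not a symlink that could point somewhere shared.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or is a symlink" >&2
        return 1
    fi

    # Only the owner may read (and optionally write) the token.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: mode $mode, expected 600 or 400" >&2; rc=1 ;;
    esac

    uid=$(stat -c '%u' "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid $uid, expected $want_uid" >&2; rc=1
    fi

    # Exactly one non-empty token setting must be present.
    if [ "$(grep -Ec '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file")" -ne 1 ]; then
        echo "FAIL: expected exactly one dns_cloudflare_api_token line" >&2; rc=1
    fi

    # Global API key settings grant account-wide access; keep them out of this file.
    if grep -Eq '^[[:space:]]*dns_cloudflare_(api_key|email)[[:space:]]*=' "$file"; then
        echo "FAIL: global API key or email present, use a token only" >&2; rc=1
    fi

    # Catch a file that still holds the guide's placeholder value.
    if grep -q 'PutYourApiTokenHere' "$file"; then
        echo "FAIL: placeholder token was not replaced" >&2; rc=1
    fi

    return "$rc"
}
```

Run it as root with `/root/cf-api-token.ini` as the argument before calling `certbot`; a non-zero exit status means the file should be fixed first.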
Conclusion
And there you have it! With these steps, we can seamlessly manage SSL certificates for our website using Cloudflare API tokens and Let’s Encrypt.
In brief, our Support Experts demonstrated how to use a Cloudflare API token for LetsEncrypt validation.