Requesting certificates with certbot and Cloudflare

Prerequisites

  1. The domain is managed by Cloudflare
  2. A Docker environment

Requesting the certificate with Docker

  1. Get the Global API Key from Cloudflare and write it to the cloudflare.ini configuration file

    mkdir certbot

    echo "dns_cloudflare_email = [email protected]
    dns_cloudflare_api_key = cf-global-token" > certbot/cloudflare.ini
  2. Request the certificate

    docker run -it --rm --name certbot \
    -v ./certbot/etc:/etc/letsencrypt \
    -v ./certbot/lib:/var/lib/letsencrypt \
    -v ./certbot:/.secrets \
    certbot/dns-cloudflare certonly \
    --non-interactive \
    --dns-cloudflare \
    --dns-cloudflare-credentials /.secrets/cloudflare.ini \
    --dns-cloudflare-propagation-seconds 60 \
    -m [email protected] \
    --agree-tos \
    --no-eff-email \
    -d '*.your.domain'
  3. Renew the certificate

    docker run -it --rm --name certbot \
    -v "./certbot/etc:/etc/letsencrypt" \
    -v "./certbot/cloudflare.ini:/cloudflare.ini" \
    certbot/dns-cloudflare renew \
    --dns-cloudflare --dns-cloudflare-credentials /cloudflare.ini
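
The cloudflare.ini written in step 1 holds an account-wide Global API Key and is created with default file permissions. The following check is an added example, not part of the original post: it audits that file for loose permissions and for use of the global key instead of the plugin's scoped `dns_cloudflare_api_token` setting. The function name `audit_cf_ini`, the sample files and the placeholder secrets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a certbot-dns-cloudflare credentials file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_cf_ini() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }

    # File mode: GNU/busybox stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        *00) ;;  # owner-only, e.g. 600 or 400
        *) echo "PERMS mode $mode lets group/other access the secret; chmod 600"
           rc=1 ;;
    esac

    # Global API Key grants access to the whole account; a scoped token
    # limited to DNS edits on the zone is the narrower credential.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$f"; then
        echo "GLOBAL_KEY account-wide key in use; prefer dns_cloudflare_api_token"
        rc=1
    elif ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$f"; then
        echo "NO_CREDENTIAL neither api_token nor api_key is set"
        rc=1
    fi
    return $rc
}

# Constructed sample files (placeholder secrets, not real values).
demo_dir=$(mktemp -d)
printf 'dns_cloudflare_email = user@example.com\ndns_cloudflare_api_key = cf-global-token\n' \
    > "$demo_dir/global.ini"
chmod 644 "$demo_dir/global.ini"   # what a default umask of 022 would produce

( umask 077                        # file below is created with mode 600
  printf 'dns_cloudflare_api_token = cf-scoped-token\n' > "$demo_dir/token.ini" )

for ini in "$demo_dir/global.ini" "$demo_dir/token.ini"; do
    echo "== $ini"
    if audit_cf_ini "$ini"; then echo "OK"; fi
done
```

Run it against `certbot/cloudflare.ini` before starting the container; a clean result means the file is owner-only and uses a scoped token.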