
How to get a wildcard SSL certificate with Let's Encrypt and Cloudflare on CentOS 7

Let's consider obtaining an SSL certificate for a domain and all of its subdomains through DNS validation, using Cloudflare as one of the most popular DNS services.

As you know, Cloudflare does not provide wildcard proxying and, accordingly, wildcard certificates on the free plan.

1) Install the latest version of certbot

First install git and Python 3:
yum install epel-release -y
yum install git python3 python3-pip -y

Clone and install the current version of certbot:
cd /usr/src/
git clone https://github.com/certbot/certbot
cd certbot/
python3 setup.py install

2) Install the Cloudflare DNS plugin

pip3 install certbot-dns-cloudflare

Check that the plugin is installed correctly:
/usr/local/bin/certbot plugins

We should get output like:
* dns-cloudflare
...
* standalone
...
* webroot
...

3) Get the API key for our Cloudflare account from the panel and write it to a file

My Profile - API Tokens - Global API Key - View (click)
Write the e-mail address and API key to a file (it holds a full-access credential, so restrict it to root):
echo dns_cloudflare_email = YourMailAccOnCF@example.com > /root/cloudflaredns
echo dns_cloudflare_api_key = 3outy1zk0juw6qm80ao37ywnkl2u69fv53820 >> /root/cloudflaredns
chmod 600 /root/cloudflaredns


4) Obtain the certificate for the domain

DOMAIN=WildCardDomain.com
CFMAIL=YourMailAccOnCF@example.com
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d ${DOMAIN} -d "*.${DOMAIN}"

5) Re-issue the SSL certificate automatically every month

mkdir -p /root/sbin/
cat > /root/sbin/letsencrypt-dns-update << EOL
#!/bin/bash
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
EOL
chmod 755 /root/sbin/letsencrypt-dns-update
echo '01 01 01 *  * root (sleep `shuf -i 1-10400 -n 1`s ; /root/sbin/letsencrypt-dns-update)' > /etc/cron.d/letsencrypt-dns-update
You can find your SSL certificate at:
/etc/letsencrypt/live/WildCardDomain.com/
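To confirm that the certificate under that path really covers both the apex and the wildcard name, and to see how close it is to expiry before the monthly cron job runs, here is an added check script (not part of the original post). It assumes openssl is installed and, for offline testing, builds a constructed self-signed certificate in place of the real one.

```bash
#!/bin/bash
# Added example (not from the original post): verify that the certificate
# certbot wrote under /etc/letsencrypt/live/<domain>/ lists both the apex
# and the wildcard name as SANs, and report the days left before expiry.
# Assumes openssl is installed; CERT and DOMAIN below are hypothetical inputs.

# Print the DNS names in the certificate's subjectAltName, one per line.
cert_san_names() {
    local cert="$1"
    openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Return 0 when every name given after the certificate path is a SAN entry.
cert_covers_names() {
    local cert="$1"; shift
    local names name
    names="$(cert_san_names "$cert")"
    for name in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$name" || return 1
    done
    return 0
}

# Whole days until notAfter (negative once the certificate has expired).
cert_days_left() {
    local cert="$1" not_after exp now
    not_after="$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)"
    exp="$(date -d "$not_after" +%s)"
    now="$(date +%s)"
    echo $(( (exp - now) / 86400 ))
}

# Constructed sample: a self-signed 90-day certificate with a wildcard SAN,
# standing in for /etc/letsencrypt/live/<domain>/cert.pem so the checks
# can be exercised without contacting Let's Encrypt.
make_sample_cert() {
    local dir="$1" domain="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain,DNS:*.$domain" \
        -keyout "$dir/privkey.pem" -out "$dir/cert.pem" >/dev/null 2>&1
}

# Usage against the live certificate issued in step 4:
#   DOMAIN=WildCardDomain.com; CERT=/etc/letsencrypt/live/$DOMAIN/cert.pem
#   cert_covers_names "$CERT" "$DOMAIN" "*.$DOMAIN" && echo "SAN ok"
#   echo "days left: $(cert_days_left "$CERT")"
```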



Ready-made script for certificate issuance

DOMAIN=WildCardDomain.com
CFMAIL=YourMailAccOnCF@example.com
CFAPIKEY=3outy1zk0juw6qm80ao37ywnkl2u69fv53820
yum install epel-release -y
yum install git python3 python3-pip -y
cd /usr/src/
git clone https://github.com/certbot/certbot
cd certbot/
python3 setup.py install
pip3 install certbot-dns-cloudflare
echo dns_cloudflare_email = ${CFMAIL} > /root/cloudflaredns
echo dns_cloudflare_api_key = ${CFAPIKEY} >> /root/cloudflaredns
chmod 600 /root/cloudflaredns
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
mkdir -p /root/sbin/
cat > /root/sbin/letsencrypt-dns-update << EOL
#!/bin/bash
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
EOL
chmod 755 /root/sbin/letsencrypt-dns-update
echo '01 01 01 *  * root (sleep `shuf -i 1-10400 -n 1`s ; /root/sbin/letsencrypt-dns-update)' > /etc/cron.d/letsencrypt-dns-update
tail -n 1000 /etc/letsencrypt/live/${DOMAIN}/*