How to get a wildcard SSL certificate with letsencrypt and cloudflare on Centos 7

As you know, cloudflare does not provide wildcard proxies and, accordingly, wildcard certificates at a free rate.
Let's consider obtaining an SSL certificate for a domain and all subdomains through DNS validation using CloudFlare as one of the most popular DNS services

1) Install certbot latest version

First install git and python 3
yum install epel-release -y
yum install git python3 python3-pip -y

Clone and install the current version of certbot
cd /usr/src/
git clone <a href="https://github.com/certbot/certbot">https://github.com/certbot/certbot</a>
cd certbot/
pyshon3 setup.py install

2) Install the dns cloudflare plugin

pip3 install certbot-dns-cloudflare

Check that the plugin is installed correctly
/usr/local/bin/certbot plugins

We should get a output like
* dns-cloudflare
...
* standalone
...
* webroot
...

3) Get the api key for our CloudFlare account in the panel and write to the file

My profile - Api tokens - Global API Key - View (click)
Write the details in email and api key to a file
echo dns_cloudflare_email = YourMailAccOnCF@example.com > /root/cloudflaredns
echo dns_cloudflare_api_key = 3outy1zk0juw6qm80ao37ywnkl2u69fv53820 >> /root/cloudflaredns
chmod 600 /root/cloudflaredns


4) Receive the certificate for the domain

DOMAIN=WildCardDomain.com
CFMAIL=YourMailAccOnCF@example.com
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d ${DOMAIN} -d "*.${DOMAIN}"

5) Will re-issue your SSL certificate every month.

mkdir /root/root/sbin/
cat > /root/sbin/letsencrypt-dns-update << EOL
#!/bin/bash
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
EOL
chmod 755 /root/sbin/letsencrypt-dns-update
echo '01 01 01 *  * root (sleep `shuf -i 1-10400 -n 1`s ; /root/sbin/letsencrypt-dns-update' > /etc/cron.d/letsencrypt-dns-update
You can find your SSL certificate along the path:
/etc/letsencrypt/live/WildCardDomain.com/



Ready script for certificate issuance

DOMAIN=WildCardDomain.com
CFMAIL=YourMailAccOnCF@example.com
CFAPIKEY=3outy1zk0juw6qm80ao37ywnkl2u69fv53820
yum install epel-release -y
yum install git python3 python3-pip -y
cd /usr/src/
git clone <a href="https://github.com/certbot/certbot">https://github.com/certbot/certbot</a>
cd certbot/
pyshon3 setup.py install
pip3 install certbot-dns-cloudflare
echo dns_cloudflare_email = ${CFMAIL} > /root/cloudflaredns
echo dns_cloudflare_api_key = ${CFAPIKEY} >> /root/cloudflaredns
chmod 600 /root/cloudflaredns
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
cat > /root/sbin/letsencrypt-dns-update << EOL
#!/bin/bash
/usr/local/bin/certbot certonly -n -m ${CFMAIL} --agree-tos --expand --dns-cloudflare --dns-cloudflare-credentials /root/cloudflaredns --dns-cloudflare-propagation-seconds 30 -d "${DOMAIN}" -d "*.${DOMAIN}"
EOL
chmod 755 /root/sbin/letsencrypt-dns-update
echo '01 01 01 *  * root (sleep `shuf -i 1-10400 -n 1`s ; /root/sbin/letsencrypt-dns-update' > /etc/cron.d/letsencrypt-dns-update
tail -n 1000 /etc/letsencrypt/live/${DOMAIN}/*