首先登录CloudFlare的个人中心获取 Global API key
My Profile --> API Token --> Global API Key
创建配置文件
mkdir .secrets
vim /root/.secrets/cloudflare.ini
sudo chmod 0700 /root/.secrets/
sudo chmod 0400 /root/.secrets/cloudflare.ini内容
dns_cloudflare_email = cloudflare@example.com //cloudflare邮箱
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234 //Global API key
安装certbot
pip3 install certbot安装cloudflare dns 验证插件
sudo apt -y install python3-certbot-dns-cloudflare生成证书 注意这里的通配符域名必须加引号 '*.biubiu.run'
certbot certonly \
--dns-cloudflare \
--dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
-d biubiu.run \
-d '*.biubiu.run'校验证书
openssl x509 -in /etc/letsencrypt/live/biubiu.run/cert.pem -noout -text如果看到输出有如下内容,则表示成功
X509v3 Subject Alternative Name:
DNS:*.biubiu.run, DNS:biubiu.run配置定时更新脚本
15 2 * * * certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"参考文献
Wildcard certificate from Let’s Encrypt with CloudFlare DNS
Welcome to certbot-dns-cloudflare’s documentation!