Debian 10 Issuing LetsEncrypt certificate through CloudFlare API with Certbot
(Last Updated On: December 12, 2020)
Based on Debian 10.
Creating a free, automatically renewed website certificate with LetsEncrypt (certbot) and the CloudFlare API.
1 APT Package
apt -y install python3-certbot-dns-cloudflare
2 Register the CloudFlare API credentials
mkdir -p /root/.secrets/certbot/
chmod -R 700 /root/.secrets
cat > /root/.secrets/certbot/cloudflare.ini << _EOF_
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = abcdefg123456
_EOF_
chmod 600 /root/.secrets/certbot/cloudflare.ini
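
The credentials file holds the Cloudflare API key, so its permissions are worth re-checking before renewal runs. The script below is an added example, not part of the original post or of certbot; `audit_credentials` and `private_mode` are hypothetical helper names, and it assumes GNU `stat` (Debian coreutils) and that it runs as the same user that runs certbot.

```shell
#!/bin/sh
# Added example: audit a Certbot DNS credentials file before a renewal run.
# audit_credentials and private_mode are hypothetical helpers, not certbot commands.
# Assumes GNU stat (Debian coreutils) and that it runs as the certbot user.

# Succeeds only if group/other have no permission bits set on the path.
private_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

audit_credentials() {
    cred=$1
    rc=0
    # A symlink could point into a directory with weaker protection.
    if [ -L "$cred" ] || [ ! -f "$cred" ]; then
        echo "FAIL: $cred is missing, a symlink, or not a regular file"
        return 1
    fi
    # Any group/other bit exposes the API key to other local accounts.
    if ! private_mode "$cred"; then
        echo "FAIL: $cred is accessible to group/other (want 600)"
        rc=1
    fi
    # An open parent directory lets others find or replace the file.
    dir=$(dirname "$cred")
    if ! private_mode "$dir"; then
        echo "FAIL: $dir is accessible to group/other (want 700)"
        rc=1
    fi
    # The file should belong to the account that runs certbot.
    if [ "$(stat -c '%u' "$cred")" != "$(id -u)" ]; then
        echo "FAIL: $cred is not owned by uid $(id -u)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cred"
    return "$rc"
}

# Usage: sh audit.sh /root/.secrets/certbot/cloudflare.ini
if [ "$#" -gt 0 ]; then
    audit_credentials "$1"
fi
```
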
3 Challenge
certbot certonly \
-d kerus.net \
-d '*.kerus.net' \
--server https://acme-v02.api.letsencrypt.org/directory \
--dns-cloudflare --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini \
--preferred-challenges dns-01
4 Cron
# apt -y install cron
crontab -e
0 0 * * * python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
With nginx (reload after renewal):
0 0 * * * python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --deploy-hook "systemctl reload nginx"