Debian 10 Issuing LetsEncrypt certificate through CloudFlare API with Certbot

(Last Updated On: December 12, 2020)

Based on Debian 10.
Generating a free, automatically renewed website certificate with LetsEncrypt (certbot) and the CloudFlare API.

1 APT Package

apt -y install python3-certbot-dns-cloudflare

2 Register the CloudFlare API credentials

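# Keep the credentials directory accessible to root only
mkdir -p /root/.secrets/certbot/
chmod -R 700 /root/.secrets
# Quoted delimiter: the shell writes the lines literally, with no expansion
cat > /root/.secrets/certbot/cloudflare.ini << '_EOF_'
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = abcdefg123456
_EOF_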

chmod 600 /root/.secrets/certbot/cloudflare.ini
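
A pre-flight audit of the credentials file from step 2, as an added example that is not part of the original post: it checks ownership, that neither the file nor its directory is accessible to group or other, and that both keys are set. The names check_cf_credentials and private_mode are hypothetical helpers, not certbot commands.

```shell
#!/bin/sh
# Added example, not from the original post. check_cf_credentials and
# private_mode are hypothetical helpers that audit the file from step 2.

# Succeeds when group and other have no permission bits on the path.
# Columns 5-10 of `ls -ld` output are the group and other permission bits.
private_mode() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

check_cf_credentials() {
    f=$1
    rc=0
    # Refuse symlinks so the path cannot be redirected to another file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file" >&2
        return 1
    fi
    # -O: owned by the effective user (root when run from root's crontab).
    [ -O "$f" ] || { echo "FAIL: $f is not owned by $(id -un)" >&2; rc=1; }
    private_mode "$f" ||
        { echo "FAIL: $f is accessible to group or other" >&2; rc=1; }
    private_mode "$(dirname -- "$f")" ||
        { echo "FAIL: parent directory is accessible to group or other" >&2; rc=1; }
    # Both keys written in step 2 must be present with a non-empty value.
    for key in dns_cloudflare_email dns_cloudflare_api_key; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$f" ||
            { echo "FAIL: $key is missing or empty" >&2; rc=1; }
    done
    return "$rc"
}
```

Calling check_cf_credentials /root/.secrets/certbot/cloudflare.ini ahead of certbot renew makes a loosened file mode fail the job loudly instead of going unnoticed.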

3 Challenge

certbot certonly \
-d kerus.net \
-d '*.kerus.net' \
--server https://acme-v02.api.letsencrypt.org/directory \
--dns-cloudflare --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini \
--preferred-challenges dns-01

4 Cron

# apt -y install cron
crontab -e
# Sleep a random time of up to one hour, then attempt renewal
0 0 * * * python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
# With nginx, use this line instead so nginx reloads after a renewal
0 0 * * * python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --renew-hook "systemctl reload nginx"