Managing TLS Certificates with Certbot

Install Certbot

Note that you probably don't need both the Apache and Nginx plugins. Install the plugin that matches the web server software in use on the host.

    # Debian Derivatives
    # Apache/Httpd
    apt install python3-certbot python3-certbot-apache
    # Nginx
    apt install python3-certbot python3-certbot-nginx
    
    # RHEL Derivatives
    # Apache/Httpd
    dnf install python3-certbot python3-certbot-apache
    # Nginx
    dnf install python3-certbot python3-certbot-nginx

Renew Using Cloudflare Plugin

  1. Install the Cloudflare plugin

    # RHEL Derivatives
    dnf install python3-certbot-dns-cloudflare -y
    # Debian Derivatives
    apt install python3-certbot-dns-cloudflare -y
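  2. Create a secrets file for Cloudflare API authentication. Make sure to update the api_key variable's value from cf_api_key_here to the proper API key. The file holds a credential, so restrict it to its owner before writing the key into it.

    # Create the file and restrict it to the owner before the key is written
    touch ~/.cf.secret
    chmod 600 ~/.cf.secret
    api_key='cf_api_key_here'
    echo -e "dns_cloudflare_email = it@xentermd.com\ndns_cloudflare_api_key = ${api_key}" > ~/.cf.secret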
  3. Request/Renew certificate

    # Request but don't install cert
    certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.cf.secret
    # Renew and install cert
    certbot renew --dns-cloudflare --dns-cloudflare-credentials ~/.cf.secret
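
The secrets file from step 2 can be written and audited before it is passed to --dns-cloudflare-credentials. The script below is an added example, not part of the original page; the function names write_cf_credentials and check_cf_credentials are hypothetical, and it assumes GNU stat as shipped on Debian and RHEL derivatives.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# Write the Cloudflare credentials file so it is owner-only from creation.
write_cf_credentials() {
    local path="$1" email="$2" api_key="$3"
    (
        umask 077   # new file is created 0600, never briefly world-readable
        printf 'dns_cloudflare_email = %s\ndns_cloudflare_api_key = %s\n' \
            "$email" "$api_key" > "$path"
    ) && chmod 600 "$path"   # also tightens a file that already existed
}

# Return 0 only if the file is safe to hand to --dns-cloudflare-credentials.
check_cf_credentials() {
    local path="$1" mode
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2; return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1   # GNU stat, octal mode
    case "$mode" in
        *00|0) ;;   # group and other digits are both 0
        *) echo "unsafe mode $mode on $path" >&2; return 1 ;;
    esac
    if grep -q 'cf_api_key_here' "$path"; then
        echo "placeholder key still present in $path" >&2; return 1
    fi
    if ! grep -q '^dns_cloudflare_api_key *= *[^ ]' "$path"; then
        echo "dns_cloudflare_api_key missing in $path" >&2; return 1
    fi
}

# Usage (the key is read without echo so it stays out of shell history):
#   read -rs -p 'Cloudflare API key: ' key
#   write_cf_credentials ~/.cf.secret it@xentermd.com "$key"
#   check_cf_credentials ~/.cf.secret && \
#     certbot renew --dns-cloudflare --dns-cloudflare-credentials ~/.cf.secret
```

Certbot itself only prints a warning when the credentials file is readable by other users, so a check like this has to be enforced by the calling script.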