Obtaining a Wildcard SSL Certificate from Let’s Encrypt Using Cloudflare DNS

If you use Cloudflare to manage your domain's DNS, Certbot and its Cloudflare DNS plugin make it simple to obtain a wildcard SSL certificate. Certbot verifies your domain automatically through DNS, saving you time and effort.

With a wildcard certificate, you can secure not only your main domain (e.g., example.com) but also all its subdomains (like wiki.example.com and files.example.com) with just one certificate. It’s like having a single protective blanket for all your website’s parts, making it easier to manage your website’s security and encryption.

Using the Cloudflare DNS plugin, Certbot will create, validate, and then remove a TXT record via Cloudflare’s API. This process serves as proof of your domain ownership and authorization to obtain an SSL certificate for the domain.

We have used Ubuntu 22.04 LTS for this configuration.

Install Certbot

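sudo snap install --classic certbot
# Acknowledge that the plugin snap runs with the same root access as the certbot snap
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare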

Configure Cloudflare Credentials

You will require your Cloudflare account’s associated email address and the Cloudflare Global API Key.

Create a directory for secrets

sudo mkdir /root/.secrets/
sudo touch /root/.secrets/cloudflare.ini

Add credentials to secrets file

sudo nano /root/.secrets/cloudflare.ini

The above file should contain the following:

dns_cloudflare_email = your-cloudflare-email@example.com
dns_cloudflare_api_key = yourapikey

Save the file (Control + O, then press Enter) and exit with Control + X.

Secure the secrets file

sudo chmod 0700 /root/.secrets/
sudo chmod 0400 /root/.secrets/cloudflare.ini
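
The check below is an added example, not part of the original post: it audits the credentials file for the permissions set in this step and flags use of the Global API Key. The helper name audit_cf_credentials is hypothetical, GNU stat (as on Ubuntu 22.04) is assumed, and dns_cloudflare_api_token is the plugin's setting for a scoped API token.

```shell
#!/usr/bin/env bash
# Added example: audit a certbot-dns-cloudflare credentials file.
# Assumes GNU stat; audit_cf_credentials is a hypothetical helper name.
# Prints one line per finding and returns the number of findings (0 = clean).

audit_cf_credentials() {
    local file="$1" dir mode dmode findings=0
    dir=$(dirname -- "$file")
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' -- "$file")
    dmode=$(stat -c '%a' -- "$dir")
    # Group/other bits on the file let other local users read the key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $mode, expected 0400 or 0600"
        findings=$((findings + 1))
    fi
    # Group/other bits on the directory expose the file to other accounts.
    if [ $(( 0$dmode & 077 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $dmode, expected 0700"
        findings=$((findings + 1))
    fi
    # The file should belong to the account that runs certbot (root here).
    if [ "$(stat -c '%u' -- "$file")" != "$(id -u)" ]; then
        echo "FAIL: $file is not owned by the current user"
        findings=$((findings + 1))
    fi
    # A Global API Key covers the whole Cloudflare account; the plugin also
    # accepts a scoped token through dns_cloudflare_api_token.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' -- "$file"; then
        echo "WARN: Global API Key in use; a token limited to Zone:DNS:Edit has less reach"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run as root against the path used on this page:
#   audit_cf_credentials /root/.secrets/cloudflare.ini
```

With the file and directory modes from this step, the only remaining finding for the configuration shown above is the Global API Key warning.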

Get your Certificates

Now that the Certbot setup is complete, use the command below to obtain your SSL certificates from Let’s Encrypt.

sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d 'example.com,*.example.com' --preferred-challenges dns-01

Certificates will be saved to /etc/letsencrypt/live/example.com/

If you require assistance with managing the servers, look no further than the Server Pundits team. We offer comprehensive one-time server setup services and convenient monthly server maintenance packages. Our dedicated services ensure a worry-free experience with your cloud IT infrastructure, enabling you to concentrate on your core business with confidence.
