CloudFlare hook for
This is a hook for the Let's Encrypt ACME client dehydrated (previously known as
letsencrypt.sh) that allows you to use CloudFlare DNS records to respond to
dns-01 challenges. Requires Python and your CloudFlare account e-mail and API key being in the environment.
$ cd ~ $ git clone https://github.com/lukas2511/dehydrated $ cd dehydrated $ mkdir hooks $ git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare
If you are using Python 3:
$ pip install -r hooks/cloudflare/requirements.txt
Otherwise, if you are using Python 2 (make sure to also check the urllib3 documentation for possible caveats):
$ pip install -r hooks/cloudflare/requirements-python-2.txt
Your account's CloudFlare email and API key are expected to be in the environment, so make sure to:
$ export CF_EMAILfirstname.lastname@example.org' $ export CF_KEY='K9uX2HyUjeWg5AhAb'
Optionally, you can specify the DNS servers to be used for propagation checking via the
CF_DNS_SERVERS environment variable (props bennettp123):
$ export CF_DNS_SERVERS='22.214.171.124 126.96.36.199'
If you want more information about what is going on while the hook is running:
$ export CF_DEBUG='true'
Alternatively, these statements can be placed in
dehydrated/config, which is automatically sourced by
dehydrated on startup:
echo "export CF_EMAILemail@example.com" >> config echo "export CF_KEY=K9uX2HyUjeWg5AhAb" >> config echo "export CF_DEBUG=true" >> config
$ ./dehydrated -c -d example.com -t dns-01 -k 'hooks/cloudflare/hook.py' # # !! WARNING !! No main config file found, using default config! # Processing example.com + Signing domains... + Creating new directory /home/user/dehydrated/certs/example.com ... + Generating private key... + Generating signing request... + Requesting challenge for example.com... + CloudFlare hook executing: deploy_challenge + DNS not propagated, waiting 30s... + DNS not propagated, waiting 30s... + Responding to challenge for example.com... + CloudFlare hook executing: clean_challenge + Challenge is valid! + Requesting certificate... + Checking certificate... + Done! + Creating fullchain.pem... + CloudFlare hook executing: deploy_cert + ssl_certificate: /home/user/dehydrated/certs/example.com/fullchain.pem + ssl_certificate_key: /home/user/dehydrated/certs/example.com/privkey.pem + Done!
If you want some prose to go with the code, check out the relevant blog post here: From StartSSL to Let's Encrypt, using CloudFlare DNS.