This simple utility is intended to facilitate the creation of wildcard SSL certificates, particularly with mod_md. It supports Cloudflare DNS services.
Download the .phar, put it somewhere. Create /etc/dns-challenge.yml, and ensure it's readable only by root and the web server user (often www-data).
Add the following configuration to /etc/dns-challenge.yml:
dns:
record_name: _acme-challenge
record_type: TXT
record_ttl: 120
cloudflare:
account: admin@xyz.zcloud
api_key: [API key from cloudflare.com]
Configure apache for mod_md. It should look something like this:
<IfModule mod_ssl.c>
<MDomain xyz.cloud>
MDMember *.xyz.cloud
</MDomain>
MDChallengeDns01 /sbin/dns-challenge --
MDCertificateAgreement accepted
MDContactEmail admin@xyz.cloud
MDCAChallenges dns-01
<VirtualHost _default_:443>
ServerAdmin admin@xyz.cloud
ServerName xyz.cloud
...
</VirtualHost>
</IfModule>
When mod_md needs a challenge, it will run the command
dns-challenge.phar setup [zone] [challenge]
.
When the challenge is complete and no longer necessary, mod_md will run
dns-challenge.phar teardown [zone]
.
This software uses the cloudflare API to place and remove the challenge in DNS.
This software is in the public domain. Included librariers are covered under their own licenses. See LICENSE for details.
Cloudflare is a registered trademark of Cloudflare, Inc.