Step 1: Move DNS to Cloudflare (if not already)
Create a free account at:
Add domain.com and update your nameservers at your domain registrar.
Step 2: Create Cloudflare API Token
Go to:
Create Token → Edit Zone DNS template.
Permissions:
- Zone → DNS → Edit
- Zone → Zone → Read
Zone Resources:
- Include → Specific Zone → domain.com
Save and copy the token.
Step 3: Install Certbot Cloudflare Plugin
Ubuntu/Debian:
sudo apt update
sudo apt install python3-certbot-dns-cloudflare -y
Verify:
certbot plugins
You should see:
dns-cloudflare
Step 4: Create Credentials File
sudo nano /root/.cloudflare.ini
Add:
dns_cloudflare_api_token = YOUR_CLOUDFLARE_API_TOKEN
Secure it:
sudo chmod 600 /root/.cloudflare.ini
Step 5: Request Wildcard Certificate
sudo certbot certonly \
--dns-cloudflare \
--dns-cloudflare-credentials /root/.cloudflare.ini \
-d domain.com \
-d '*.domain.com'
No manual TXT records will be required.
Step 6: Test Auto Renewal
sudo certbot renew --dry-run
Expected result:
Congratulations, all simulated renewals succeeded
Step 7: Verify Cron/Systemd Timer
sudo systemctl list-timers | grep certbot
or
sudo certbot renew --dry-run
Certbot will automatically renew before expiry and reload the certificate.
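
Added example (not part of the original guide or of certbot): a pre-flight audit of the credentials file from Step 4, checking that it is readable only by its owner and holds the zone-scoped token from Step 2 rather than the placeholder or the account-wide Global API Key. The function name audit_cf_credentials is hypothetical, and GNU stat (Ubuntu/Debian) is assumed.

```sh
#!/bin/sh
# Added example, not certbot's own code. audit_cf_credentials is a hypothetical helper.
# Assumes GNU stat, as shipped on the Ubuntu/Debian systems used in Step 3.

audit_cf_credentials() {
    cf_file="$1"
    cf_rc=0
    if [ ! -f "$cf_file" ]; then
        echo "FAIL: $cf_file not found"
        return 2
    fi

    # Step 4 sets mode 600; any group/other bit exposes the token to local users.
    cf_mode=$(stat -c '%a' "$cf_file")
    case "$cf_mode" in
        0|*00) ;;
        *) echo "FAIL: mode $cf_mode grants group/other access (expected 600)"
           cf_rc=1 ;;
    esac

    # The zone-scoped token from Step 2 must be present and non-empty.
    if ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$cf_file"; then
        echo "FAIL: dns_cloudflare_api_token is missing or empty"
        cf_rc=1
    fi

    # The placeholder from Step 4 must have been replaced with the real token.
    if grep -q 'YOUR_CLOUDFLARE_API_TOKEN' "$cf_file"; then
        echo "FAIL: placeholder token was never replaced"
        cf_rc=1
    fi

    # dns_cloudflare_api_key is the plugin's Global API Key setting. That key
    # covers the whole account and cannot be limited to one zone.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$cf_file"; then
        echo "FAIL: Global API Key configured; use a zone-scoped token instead"
        cf_rc=1
    fi

    [ "$cf_rc" -eq 0 ] && echo "OK: $cf_file"
    return "$cf_rc"
}

# Stand-alone use: sudo sh audit.sh /root/.cloudflare.ini
if [ "$#" -gt 0 ]; then
    audit_cf_credentials "$1"
fi
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when the file does not exist, so it can gate Step 5 in a provisioning script.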
