Certbot on Ubuntu, wildcard subdomains via CloudFlare DNS challenge

certbot.sh

# Used on Ubuntu 18.04 and 20.04
# Find instructions for other OSes here: https://certbot.eff.org/instructions

# Install Certbot via Snaps
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

# Install DNS CloudFlare plugin
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare

# This directory may not exist yet
sudo mkdir -p /etc/letsencrypt


# Create file with the Cloudflare API token
sudo tee /etc/letsencrypt/dnscloudflare.ini > /dev/null <<EOT
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = AN_API_TOKEN_HERE
EOT

# Secure that file (otherwise certbot yells at you)
sudo chmod 0600 /etc/letsencrypt/dnscloudflare.ini

# Create a certificate!
# This has nginx reload upon renewal,
# which assumes Nginx is using the created certificate
# You can also create non-wildcard subdomains, e.g. "-d foo.example.org"
sudo certbot certonly -d *.example.org \
    --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini \
    --post-hook "service nginx reload" \
    --non-interactive --agree-tos \
    --email [email protected]

# Test it out
sudo certbot renew --dry-run

Hey @ItsTNJS !

That sort of sounds like the cloudflare plugin didn't get installed, kind of a weird error to see. Any chance you have 2 certbot's installed? (which which -a certbot to see if you get more than one location back for the command)

Thank you, I figured out the problem was I had the plugin installed through a different manager than certbot somehow. Such simple things take hours to find lol. Thanks!

I'm late to the party as ever, but this is super helpful - thank you so much!

I'm late to the party as ever, but this is super helpful - thank you so much!

It's github, it's never too late 😂
I commented on a 10 year old repo and got a response within an hour last week 💀

not all heros wear capes

supreme lord