If you like this project, or use it, please star it!
Cloudflare Bash hook for dehydrated.
CI / CD | Status |
---|---|
Travis | |
Docker | |
If you cannot solve the HTTP-01 challenge, you need to solve the DNS-01 challenge instead.
Using the Cloudflare API (available also on the free plan!), this script verifies your domain by creating a new DNS record containing the challenge token inside your DNS zone. When the Let's Encrypt validation finishes, that record is deleted.
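As an added example (not the project's `hook.sh`), here is a minimal DNS-01 hook in the form dehydrated calls it, showing the two steps described above: publishing the token as a TXT record at `_acme-challenge.<domain>` through the Cloudflare API, and deleting exactly that record afterwards. The variable names `CF_ZONE_ID`, `CF_EMAIL` and `CF_API_KEY` are assumptions, not the names used in the project's `config.sh`.

```shell
#!/bin/sh
# Added example, not the project's hook.sh: a minimal DNS-01 hook in the shape
# dehydrated invokes it (hook.sh <hook-name> <args...>). CF_ZONE_ID, CF_EMAIL and
# CF_API_KEY are assumed variable names, not the ones in the project's config.sh.
set -eu
CF_API="${CF_API:-https://api.cloudflare.com/client/v4}"
# DNS-01 is answered from a TXT record at this name under the domain.
challenge_name() { printf '_acme-challenge.%s' "$1"; }

# JSON body for the record. Backslashes and quotes in the token are escaped so
# nothing in the value can break out of the JSON string it is placed in.
challenge_payload() {
  escaped=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"type":"TXT","name":"%s","content":"%s","ttl":120}' "$1" "$escaped"
}

# Authenticated request against the zone; extra args (e.g. --data) go to curl.
cf_request() {
  method=$1; path=$2; shift 2
  curl -sS -X "$method" "$CF_API/zones/$CF_ZONE_ID/$path" \
    -H "X-Auth-Email: $CF_EMAIL" -H "X-Auth-Key: $CF_API_KEY" \
    -H "Content-Type: application/json" "$@"
}

# deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE: publish the token and fail
# unless the API reports success, so dehydrated stops instead of waiting in vain.
deploy_challenge() {
  name=$(challenge_name "$1")
  cf_request POST dns_records --data "$(challenge_payload "$name" "$3")" \
    | jq -e '.success' >/dev/null
}

# clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE: find the record by name and
# content and delete exactly that one, leaving other TXT records untouched.
clean_challenge() {
  name=$(challenge_name "$1")
  id=$(cf_request GET "dns_records?type=TXT&name=$name&content=$3" | jq -r '.result[0].id')
  if [ "$id" != null ]; then cf_request DELETE "dns_records/$id" >/dev/null; fi
}

# dehydrated also calls hooks this script does not implement (deploy_cert, ...);
# return 0 for those so the run continues.
hook_dispatch() {
  case "$1" in
    deploy_challenge|clean_challenge) hook=$1; shift; "$hook" "$@" ;;
    *) return 0 ;;
  esac
}
if [ "$#" -gt 0 ]; then hook_dispatch "$@"; fi
```

dehydrated invokes it as `hook.sh deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE` and later `hook.sh clean_challenge` with the same arguments.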
Depends on `jq`: `sudo apt-get install -y jq`
You only need:
- Register on Cloudflare (it works also on the free plan)
- Change your domain's DNS so it is managed by Cloudflare (follow their guide)
- Run `dehydrated` with this hook (or run the Docker image, see below)

You will find the certificates in the folder of `dehydrated`.
`cfhookbash` has some prerequisites:
- cURL
- jq
- Active account on Cloudflare (tested with a free account)
- Dehydrated (follow the instructions on GitHub)

```shell
cd ~
git clone https://github.com/sineverba/cfhookbash.git
```
- Create a file `domains.txt` in the folder of `dehydrated`
- Put inside a list (one per line) of the domains that need certificates:

```
www.example.com
home.example.net
[...]
```
- Move to the folder of `cfhookbash`
- Copy `config.default.sh` to `config.sh`
- Edit `config.sh`. To get the values:

Value | Where to find |
---|---|
Zone ID | Main page domain > Right Column > API section |
Global API Key | Account > My Profile > API Tokens > API Keys > Global API Key |
Make a first run with `CA="https://acme-staging-v02.api.letsencrypt.org/directory"` placed in a `config` file in the root directory of `dehydrated`.

```shell
./dehydrated -c -t dns-01 -k '${PATH_WHERE_YOU_CLONED_CFHOOKBASH}/cfhookbash/hook.sh'
```

You will find the certificates inside `~/dehydrated/certs/[your.domain.name]`.
In `hook.sh` you can find a call to another file (`deploy.sh`). There you can write the operations to execute AFTER every successful challenge. There is a stub file, `deploy.config.sh`.

Usage:

```shell
cp deploy.config.sh deploy.sh && rm deploy.config.sh && nano deploy.sh
```
Remember that some actions require sudo privileges (starting and stopping the webserver, e.g.). Best is to run as root and, when running as a cronjob, to specify full paths.

The following crontab entry will run every Monday at 4 AM and append a log in the home folder:

```shell
$ sudo crontab -e
0 4 * * 1 cd /home/YOUR_USER/dehydrated && /home/YOUR_USER/dehydrated/dehydrated -c -t dns-01 -k '/home/YOUR_USER/dehydrated/hooks/cfhookbash/hook.sh' >> /home/YOUR_USER/cfhookbash.log
```
To update:
- Move to the folder where you downloaded it
- Type `git checkout master && git pull`
Error | Body | Solution |
---|---|---|
7003 | `{ "code": 7003, "message": "Could not route to /zones/dns_records, perhaps your object identifier is invalid?" }`, `{ "code": 7000, "message": "No route for that URI" }` | Check your Zone ID value. It is probably wrong. |
Everyone is welcome to contribute! See CONTRIBUTING.md
- YasharF
- Ramblurr
Inspired by
- https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
- https://github.com/kappataumu/letsencrypt-Cloudflare-hook
- Make a new dir (e.g. `mkdir -p /home/$USER/cfhookbashdocker`)
- Create a `/certs` folder
- Create a `/config` folder
- Create a `config.sh` file in `/config/` and fill it (see the table above for how to get the values)
- Create a `domains.txt` file in `/config/` and insert a domain for every line
- Make a first run in stage mode: create a `config` file under `/config` with this content: `CA="https://acme-staging-v02.api.letsencrypt.org/directory"`

Run:

```shell
docker run -it \
-v ${PWD}/certs:/certs \
-v ${PWD}/config:/config \
--name cfhookbash \
sineverba/cfhookbash:latest
```

- Certs will be available in `/certs`
- The Docker image runs a cronjob every minute