• Stars
    star
    273
  • Rank 150,780 (Top 3 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 9 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Use CloudFlare with dehydrated (formerly letsencrypt.sh) and DNS challenges

CloudFlare hook for dehydrated

This is a hook for the Let's Encrypt ACME client dehydrated (previously known as letsencrypt.sh) that allows you to use CloudFlare DNS records to respond to dns-01 challenges. Requires Python and your CloudFlare account e-mail and API key being in the environment.

Installation

$ cd ~
$ git clone https://github.com/lukas2511/dehydrated
$ cd dehydrated
$ mkdir hooks
$ git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare

If you are using Python 3:

$ pip install -r hooks/cloudflare/requirements.txt

Otherwise, if you are using Python 2 (make sure to also check the urllib3 documentation for possible caveats):

$ pip install -r hooks/cloudflare/requirements-python-2.txt

Configuration

Your account's CloudFlare email and API key are expected to be in the environment, so make sure to:

$ export CF_EMAIL='[email protected]'
$ export CF_KEY='K9uX2HyUjeWg5AhAb'

Optionally, you can specify the DNS servers to be used for propagation checking via the CF_DNS_SERVERS environment variable (props bennettp123):

$ export CF_DNS_SERVERS='8.8.8.8 8.8.4.4'

If you want more information about what is going on while the hook is running:

$ export CF_DEBUG='true'

Alternatively, these statements can be placed in dehydrated/config, which is automatically sourced by dehydrated on startup:

echo "export [email protected]" >> config
echo "export CF_KEY=K9uX2HyUjeWg5AhAb" >> config
echo "export CF_DEBUG=true" >> config

Usage

$ ./dehydrated -c -d example.com -t dns-01 -k 'hooks/cloudflare/hook.py'
#
# !! WARNING !! No main config file found, using default config!
#
Processing example.com
 + Signing domains...
 + Creating new directory /home/user/dehydrated/certs/example.com ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for example.com...
 + CloudFlare hook executing: deploy_challenge
 + DNS not propagated, waiting 30s...
 + DNS not propagated, waiting 30s...
 + Responding to challenge for example.com...
 + CloudFlare hook executing: clean_challenge
 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + CloudFlare hook executing: deploy_cert
 + ssl_certificate: /home/user/dehydrated/certs/example.com/fullchain.pem
 + ssl_certificate_key: /home/user/dehydrated/certs/example.com/privkey.pem
 + Done!

Further reading

If you want some prose to go with the code, check out the relevant blog post here: From StartSSL to Let's Encrypt, using CloudFlare DNS.