Last active
August 16, 2024 17:08
Create SSL certs via Cloudflare DNS using Docker and Certbot
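#!/bin/bash
#
# Request a Let's Encrypt certificate for DOMAIN and *.DOMAIN through the
# Cloudflare DNS-01 challenge (Certbot in Docker), then bundle the key and
# chain into a password-protected PFX in the current directory.
#
# Settings (edit below, or export before running):
#   CLOUDFLARE_TOKEN  Cloudflare API token used by the certbot DNS plugin
#   PFX_PASSWORD      password protecting the exported PFX
#
# Files written under the current directory:
#   letsencrypt/cloudflare.ini   API token in clear text (mode 0600)
#   letsencrypt/live/$DOMAIN/    private key and certificate chain
#   $DOMAIN.pfx                  PKCS#12 bundle containing the private key
# Keep all three out of version control and backups you do not control.

# Stop at the first failure so a failed certbot run is never followed by an
# export of stale or missing key material.
set -euo pipefail

# Get cloudflare token: https://dash.cloudflare.com/profile/api-tokens
# Environment values take precedence so the token need not be saved in this file.
CLOUDFLARE_TOKEN="${CLOUDFLARE_TOKEN:-YOUR_CLOUDFLARE_TOKEN}"
DOMAIN="mysite.dev"
WILDCARD="*.$DOMAIN"
EMAIL="certbot@mysite.dev"
# "letsencrypt" is a publicly known default; set your own for any PFX that
# leaves this machine.
PFX_PASSWORD="${PFX_PASSWORD:-letsencrypt}"

if [[ "$CLOUDFLARE_TOKEN" == "YOUR_CLOUDFLARE_TOKEN" ]]; then
  echo "Set CLOUDFLARE_TOKEN before running this script." >&2
  exit 1
fi

workdir="$(pwd)"

mkdir -p letsencrypt

# Create the credentials file under a restrictive umask so the token is never
# readable by other users, not even between the write and the chmod.
(
  umask 077
  printf 'dns_cloudflare_api_token = %s\n' "$CLOUDFLARE_TOKEN" \
    > letsencrypt/cloudflare.ini
)
# Also tighten a file left over from an earlier run with looser permissions.
chmod 600 letsencrypt/cloudflare.ini

# NOTE(review): certbot/dns-cloudflare and alpine are pulled by mutable tag.
# Both containers handle the API token or the private key, so pin them to a
# version or digest you have verified.

# Run Certbot with the Cloudflare plugin.
# "$WILDCARD" must be quoted: unquoted, the shell could expand *.$DOMAIN
# against files in the current directory.
docker run --rm \
  -v "$workdir/letsencrypt:/etc/letsencrypt" \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials=/etc/letsencrypt/cloudflare.ini \
  --non-interactive \
  --agree-tos \
  --email "$EMAIL" \
  -d "$DOMAIN" \
  -d "$WILDCARD"

# Export the PFX inside a throwaway container.
# DOMAIN and PFX_PASSWORD travel through the environment instead of being
# spliced into the sh -c string: the values cannot alter the command, and the
# password does not show up in the argument list of docker or openssl.
# -legacy selects the older PKCS#12 algorithms for importer compatibility;
# they are weaker, so protect the .pfx like the private key itself.
DOMAIN="$DOMAIN" PFX_PASSWORD="$PFX_PASSWORD" docker run --rm \
  -e DOMAIN \
  -e PFX_PASSWORD \
  -v "$workdir/letsencrypt:/letsencrypt" \
  alpine sh -c '
    apk update &&
    apk add openssl &&
    openssl pkcs12 -export -out "/letsencrypt/live/$DOMAIN/$DOMAIN.pfx" \
      -inkey "/letsencrypt/live/$DOMAIN/privkey.pem" \
      -in "/letsencrypt/live/$DOMAIN/fullchain.pem" \
      -name "$DOMAIN" -password env:PFX_PASSWORD -legacy'

mv -- "$workdir/letsencrypt/live/$DOMAIN/$DOMAIN.pfx" "$workdir/$DOMAIN.pfx"

echo "Certificate and key are stored in ./letsencrypt/live/$DOMAIN"
# The password itself is not echoed, so it stays out of terminal scrollback
# and CI logs.
echo "The pfx you need to import in your keychain is './$DOMAIN.pfx' with the password set in PFX_PASSWORD"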