Cloudflare LetsEncrypt DNS Challenge

To issue a Let's Encrypt certificate without exposing port 80 to the internet (the default HTTP challenge needs an inbound connection on port 80), use the Cloudflare DNS challenge instead. Validation is done through a TXT record that the Cloudflare plugin creates over the Cloudflare API, so the Hudu host does not need to be reachable from the internet at all, and the same method is the one that can issue wildcard certificates.

Guides

Set up a self-hosted Hudu instance using the Standard Self-Hosted Setup Guide. Make sure the domain's DNS is already hosted on Cloudflare and the zone shows as active, because the challenge record is created through the Cloudflare API.

In the .env file in the ~/hudu2 directory, change VALIDATION from http to dns and add the DNSPLUGIN line, so that the relevant block reads:

PUID=1000
PGID=1000
ONLY_SUBDOMAINS=true
VALIDATION=dns
DNSPLUGIN=Cloudflare
EMAIL=example@example.com
STAGING=false

Run the following commands to install certbot:

sudo apt-get install certbot python3-certbot-nginx
sudo apt-get install python3-certbot-dns-cloudflare

Take Hudu down and back up:

sudo docker compose down && sudo docker compose up -d

Create API Token in Cloudflare

Navigate to My Profile in the top-right of your Cloudflare dashboard.

Select API Tokens from the left-hand sidebar

Select Create Token

Select Use template next to Edit zone DNS

Keep the DNS permission the template grants (Edit, which also covers reading). Under Zone Resources, choose the specific zone for your domain rather than all zones, so that a leaked token can only change DNS for that one zone. Copy the token when it is displayed; Cloudflare does not show it again.


Edit the cloudflare.ini file located in /var/www/hudu2/config/dns-conf and enter the API token.

The two lines in the ini file that you'll need to edit (the token below is a placeholder):

dns_cloudflare_email = example@example.com

dns_cloudflare_api_token = f62ab346443fc593333deac6a18dba04532c6

With a scoped API token, certbot's Cloudflare plugin only needs dns_cloudflare_api_token; the email line is used together with the Global API Key. If you wish to use your Cloudflare Global API Key instead, change the second line to dns_cloudflare_api_key. The Global API Key gives full access to your entire Cloudflare account, so prefer the scoped token. Keep the file readable only by its owner (chmod 600): anyone who can read it can change DNS for the zone.

Bring Docker down and back up by running:

cd ~/hudu2
sudo docker compose down && sudo docker compose up -d
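The credential-file steps above, as an added shell example that is not part of the Hudu guide: it writes cloudflare.ini with owner-only permissions, checks the file before the stack is restarted, and can verify the token against Cloudflare's token-verify endpoint. It assumes the dns-conf directory from the guide and a scoped "Edit zone DNS" API token; the helper names are our own.

```shell
#!/bin/sh
# Added example, not part of the Hudu guide. Writes the certbot Cloudflare
# credentials file with owner-only permissions, checks it before the stack is
# restarted, and (optionally, online) verifies the token with Cloudflare.
# Assumed inputs: the dns-conf directory from the guide and a scoped
# "Edit zone DNS" API token; the helper names below are hypothetical.

# write_cloudflare_ini DIR TOKEN
# Refuses obviously malformed tokens and writes DIR/cloudflare.ini readable
# only by its owner (certbot refuses world-readable credential files).
write_cloudflare_ini() {
  dir="$1"
  token="$2"
  case "$token" in
    ''|*[!A-Za-z0-9_-]*)
      echo "write_cloudflare_ini: token is empty or has unexpected characters" >&2
      return 1 ;;
  esac
  mkdir -p "$dir" || return 1
  # umask in a subshell so the file is created 0600 with no window of exposure
  ( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$token" > "$dir/cloudflare.ini" ) || return 1
  chmod 600 "$dir/cloudflare.ini"
}

# check_cloudflare_ini FILE
# Returns 0 if FILE is mode 600 and holds a scoped token, 2 if it is mode 600
# but uses the Global API Key (full-account access), 1 otherwise.
check_cloudflare_ini() {
  f="$1"
  [ -f "$f" ] || return 1
  [ -n "$(find "$f" -perm 600 -print)" ] || return 1
  if grep -q '^dns_cloudflare_api_key *= *.' "$f"; then
    echo "check_cloudflare_ini: Global API Key in use; prefer a scoped token" >&2
    return 2
  fi
  grep -q '^dns_cloudflare_api_token *= *.' "$f" || return 1
}

# verify_cloudflare_token TOKEN
# Asks Cloudflare's token-verify endpoint whether the token is active.
# Needs network access, so it is not exercised offline.
verify_cloudflare_token() {
  curl -fsS -H "Authorization: Bearer $1" \
    https://api.cloudflare.com/client/v4/user/tokens/verify \
    | grep -q '"status": *"active"'
}

# Typical use before "docker compose down && docker compose up -d":
#   write_cloudflare_ini /var/www/hudu2/config/dns-conf "$CF_DNS_API_TOKEN"
#   check_cloudflare_ini /var/www/hudu2/config/dns-conf/cloudflare.ini
#   verify_cloudflare_token "$CF_DNS_API_TOKEN"
```

Run the three helpers in that order with the token in an environment variable rather than on the command line, so it does not end up in shell history; a non-zero exit from the check means the stack should not be restarted until the file is fixed.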