Cloudflare LetsEncrypt DNS Challenge

To securely generate a LetsEncrypt SSL Certificate without leaving ports 443 and 80 open, consider using the Cloudflare LetsEncrypt DNS Challenge. This approach provides a more secure and flexible option for certificate generation.

Guides

Set up a self-hosted Hudu instance using the Standard Self-Hosted Setup Guide. Make sure the domain's DNS is already managed and verified by Cloudflare.

In the .env file in the ~/hudu2 directory, change VALIDATION from http to dns and add the DNS-related lines so that the block reads as follows:

PUID=1000
PGID=1000
ONLY_SUBDOMAINS=true
VALIDATION=dns
DNSPLUGIN=Cloudflare
EMAIL=example@example.com
STAGING=false

Run the following commands to install certbot:

sudo apt-get install certbot python3-certbot-nginx
sudo apt-get install python3-certbot-dns-cloudflare

Take Hudu down and back up:

sudo docker compose down && sudo docker compose up -d

Create API Token in Cloudflare

Navigate to My Profile in the top-right of your Cloudflare dashboard.

Select API Tokens from the left-hand sidebar.

Select Create Token.

Select Use template next to the Edit zone DNS template.

Grant edit and read permissions for DNS, either for all zones or only for the zone of your domain.

Edit the API token and Cloudflare email in the cloudflare.ini file located in /var/www/hudu2/config/dns-conf.

The two lines in the ini file that you'll need to edit:

dns_cloudflare_email = example@example.com

dns_cloudflare_api_key = f62ab346443fc593333deac6a18dba04532c6

If using API token:

  • Comment out the email.
  • Change 'key' to 'token'.

If using an API token, run:

certbot certonly --manual --preferred-challenges dns -d yourdomain.com

Copy the 'unique_token_provided_by_certbot' value.

Then create a TXT record for:

_acme-challenge.yourdomain.com

pasting the 'unique_token_provided_by_certbot' value into the Content of the TXT record.

If you wish to use your Cloudflare Global API Key:

  • Make sure the second line is set to use the API 'key':
    • dns_cloudflare_api_key
  • Include the dns_cloudflare_email line.

Bring Docker down and back up by running:

cd ~/hudu2 && sudo docker compose down && sudo docker compose up -d
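As an added example (not part of the Hudu guide), a small POSIX shell check to run against cloudflare.ini before that final restart: it reports whether the file uses the scoped API token layout or the Global API Key layout described above, and flags file permissions that would let other local users read the secret. It assumes GNU stat (Linux); the function names and messages are the example's own, and the default path is the one the guide uses.

```shell
#!/bin/sh
# Sanity-check a certbot cloudflare.ini before restarting the Hudu stack.
# Added example, not part of the Hudu guide. Assumes GNU stat (Linux).

# Print which credential layout the file uses:
#   token   - dns_cloudflare_api_token set (scoped token, email commented out)
#   key     - dns_cloudflare_api_key plus dns_cloudflare_email (Global API Key)
#   invalid - neither complete layout present
cloudflare_ini_mode() {
    f="$1"; has_token=0; has_key=0; has_email=0
    # Anchored at line start, so commented-out ('# ...') lines do not count.
    grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$f" && has_token=1
    grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=[[:space:]]*[^[:space:]]' "$f" && has_key=1
    grep -Eq '^[[:space:]]*dns_cloudflare_email[[:space:]]*=[[:space:]]*[^[:space:]]' "$f" && has_email=1
    if [ "$has_token" -eq 1 ]; then
        echo token
    elif [ "$has_key" -eq 1 ] && [ "$has_email" -eq 1 ]; then
        echo key
    else
        echo invalid
    fi
}

# Succeed only if group and other have no permission bits (mode 600 or stricter):
# the octal mode string from stat must end in "00".
cloudflare_ini_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Human-readable report; exit status 1 if anything needs fixing.
check_cloudflare_ini() {
    f="$1"; rc=0
    mode=$(cloudflare_ini_mode "$f")
    echo "$f: credential layout = $mode"
    [ "$mode" = invalid ] && { echo "  -> set api_token, or api_key plus email"; rc=1; }
    [ "$mode" = key ] && echo "  -> Global API Key grants full account access; prefer a scoped token"
    if cloudflare_ini_private "$f"; then
        echo "  permissions ok"
    else
        echo "  -> run: chmod 600 $f"; rc=1
    fi
    return "$rc"
}

# Path from the guide; pass another path as the first argument to override it.
INI="${1:-/var/www/hudu2/config/dns-conf/cloudflare.ini}"
if [ -f "$INI" ]; then check_cloudflare_ini "$INI"; fi
```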