Configuring Certbot for Auto-Renew
Current Cloudflare API Token
Owner: Marc North
API Token: KCglokSaB78ApfrD_snuzPwSH16y5TCzVWM6jJd9
Install Certbot and the Cloudflare Plugin
Generate a Cloudflare API Token
- Log in to Cloudflare and navigate to API Tokens:
  - Go to My Profile > API Tokens > Create Token
- Create a Custom Token with limited permissions:
  - Under Permissions, select:
    - Zone: DNS -> Edit
  - Under Zone Resources, choose:
    - Include > Specific Zone > methodgrid.com
- Generate and Save the Token for later use
Store the Cloudflare API Token on Your Server
To keep your API token secure, store it in a file with restricted permissions.
Create the configuration file
Create a file called cloudflare.ini in the /etc/letsencrypt directory:
Add the API token to the file
Paste the following content, replacing YOUR_API_TOKEN with your actual API token:
Secure the file
Set permissions so only root can access it:
Obtain the Wildcard SSL Certificate
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d '*.methodgrid.com'
Restart Apache
Automate Certificate Renewal
Test renewal:
Set up a cron job for daily renewal checks
Add a line to check for renewal daily at 2 AM. My suggestion (Ian) is that each webserver has their cron run 30 minutes apart, 2am for web1, 2.30am for web2, etc.
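Added example, not part of the original page: shell helpers for the credentials-file and cron steps above, using the `dns_cloudflare_api_token` key that the certbot Cloudflare plugin reads. The function names are hypothetical, and the code assumes GNU `stat`, an Apache service named `apache2`, and that Apache is restarted through certbot's `--deploy-hook` after a renewal.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.

# write_cf_credentials DIR  (token is read from stdin, so it never appears in argv)
# Creates DIR/cloudflare.ini that only its owner can read or write.
write_cf_credentials() (
    umask 077                          # file is created 0600 from the start
    file="$1/cloudflare.ini"
    IFS= read -r token || true
    [ -n "$token" ] || { echo "empty token" >&2; exit 1; }
    printf 'dns_cloudflare_api_token = %s\n' "$token" > "$file" &&
        chmod 600 "$file"              # also tightens a pre-existing file
)

# check_cf_credentials FILE
# Succeeds only if group and other have no permission bits (600, 400, ...).
# Assumes GNU stat (-c '%a').
check_cf_credentials() (
    mode=$(stat -c '%a' "$1") || exit 2
    case "$mode" in
        *00) exit 0 ;;
        *)   echo "$1: mode $mode is accessible beyond its owner" >&2; exit 1 ;;
    esac
)

# renew_cron_line N [SERVICE]
# Prints the crontab entry for web server N (web1 = 1), staggered 30 minutes
# apart from 02:00 as suggested above. SERVICE defaults to apache2 (assumption).
renew_cron_line() (
    n="$1"; service="${2:-apache2}"
    case "$n" in ''|*[!0-9]*) exit 1 ;; esac
    [ "$n" -ge 1 ] || exit 1
    offset=$(( ($n - 1) * 30 ))
    hour=$(( 2 + offset / 60 ))
    [ "$hour" -le 23 ] || exit 1       # do not wrap past midnight
    printf '%d %d * * * certbot renew --quiet --deploy-hook "systemctl restart %s"\n' \
        $(( offset % 60 )) "$hour" "$service"
)

# Demo: entries for web1, web2 and web3
for n in 1 2 3; do renew_cron_line "$n"; done
```

On a real server, `write_cf_credentials /etc/letsencrypt` is run as root with the token supplied on standard input, and `check_cf_credentials` can run before each renewal to catch a credentials file whose permissions have drifted.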