Generate CloudFlare API token
- Login to CloudFlare
- My Profile > API Token > Create Token
- Use template from “Edit zone DNS”
- Keep default values from “Permissions”
- In “Zone Resources”, include only the domain for which the certificate will be generated
- Copy generated token
docker-compose – Dockerfile
letsencrypt:
build: ./folder-to-dockerfile/
command: /bin/true
volumes:
- letsencrypt_certs:/etc/letsencrypt
- letsencrypt_www:/var/www/letsencrypt
container_name: letsencrypt
FROM certbot/dns-cloudflare
COPY my_secrets_settings.ini .
Where my_secrets_settings.ini contains your previously generated API token :
dns_cloudflare_api_token = your_api_token
Generate single entry certificate
docker-compose run --rm letsencrypt certonly -w /var/www/letsencrypt --dns-cloudflare --dns-cloudflare-credentials my_secrets_settings.ini -d losnia.com
Generate multiple entries certificate
docker-compose run --rm letsencrypt certonly -w /var/www/letsencrypt --dns-cloudflare --dns-cloudflare-credentials my_secrets_settings.ini -d losnia.com -d subdomain.losnia.com
Generate wildcard certificate
docker-compose run --rm letsencrypt certonly -w /var/www/letsencrypt --dns-cloudflare --dns-cloudflare-credentials my_secrets_settings.ini -d losnia.com -d "*.losnia.com"
NGINX configuration
Mount the same volume as used by the Certbot container :
volumes:
- letsencrypt_certs:/etc/nginx/certs
- letsencrypt_www:/var/www/letsencrypt
Target generated certificate :
http {
ssl_certificate certs/live/losnia.com/fullchain.pem;
ssl_certificate_key certs/live/losnia.com/privkey.pem;
include /etc/nginx/conf.d/*;
}