{"id":13587381,"url":"https://github.com/sineverba/cfhookbash","last_synced_at":"2026-02-16T12:29:19.593Z","repository":{"id":34681554,"uuid":"135854501","full_name":"sineverba/cfhookbash","owner":"sineverba","description":"Cloudflare hook bash for dehydrated - DNS-01 Challenge Let's Encrypt","archived":false,"fork":false,"pushed_at":"2024-01-17T11:29:32.000Z","size":209,"stargazers_count":47,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-02-14T21:49:03.247Z","etag":null,"topics":["bash","bash-script","cloudflare","dehydrated","dns-01","dns-challenge","letsencrypt","letsencrypt-certificates"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sineverba.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-02T21:46:00.000Z","updated_at":"2024-08-01T16:33:24.091Z","dependencies_parsed_at":"2023-11-28T15:44:13.937Z","dependency_job_id":"ec112cde-0516-4cd0-81d4-8924c586b5c7","html_url":"https://github.com/sineverba/cfhookbash","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/sineverba/cfhookbash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sineverba%2Fcfhookbash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sineverba%2Fcfhookbash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sineverba%2Fcfhookbash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sineverba%2Fcfhookbash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sineverba","download_url":"https://codeload.github.com/sineverba/cfhookbash/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sineverba%2Fcfhookbash/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29507902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T09:05:14.864Z","status":"ssl_error","status_checked_at":"2026-02-16T08:55:59.364Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bash-script","cloudflare","dehydrated","dns-01","dns-challenge","letsencrypt","letsencrypt-certificates"],"created_at":"2024-08-01T15:06:11.122Z","updated_at":"2026-02-16T12:29:19.576Z","avatar_url":"https://github.com/sineverba.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"Cloudflare dns-01 challenge hook bash for dehydrated\r\n====================================================\r\n\r\n| CD / CI   |           |\r\n| --------- | --------- |\r\n| Semaphore CI | [![Build Status](https://sineverba.semaphoreci.com/badges/cfhookbash/branches/master.svg)](https://sineverba.semaphoreci.com/projects/cfhookbash) |\r\n\r\n**If you like this project, or use it, please, star it!**\r\n\r\nCloudflare Bash hook for [dehydrated](https://github.com/dehydrated-io/dehydrated).\r\n\r\n## Docker version\r\n\r\nFor [Docker](https://hub.docker.com/r/sineverba/cfhookbash) version usage, see [wiki](https://github.com/sineverba/cfhookbash/wiki/Docker-usage)\r\n\r\n\r\n## Why Cloudflare? What is this script?\r\n\r\nIf you cannot solve the `HTTP-01` challenge, you need to solve the DNS-01 challenge. [Details here](https://letsencrypt.org/docs/challenge-types/).\r\n\r\nWith use of Cloudflare API (valid also on free plan!), this script will verify your domain putting a new record with a special token inside DNS zone.\r\nAt the end of Let's Encrypt validation, that record will be deleted.\r\n\r\nDepends on `jq`: `sudo apt install -y jq`\r\n\r\nYou only need:\r\n\r\n1. Register on Cloudflare (it works also on free plan)\r\n2. Change your domain DNS to manage them in Cloudflare (follow their guide).\r\n3. Run `dehydrated` with this hook (or run Docker image, see below)\r\n\r\nYou will find the certificates in the folder of `dehydrated`.\r\n\r\n\r\n\r\n### Classic mode: Prerequisites\r\n\r\n`cfhookbash` has some prerequisites:\r\n\r\n+ cURL\r\n+ jq\r\n+ Active account on Cloudflare (tested with free account)\r\n+ Dehydrated ([follow the instructions on Github](https://github.com/dehydrated-io/dehydrated))\r\n\r\n### Classic mode: Setup\r\n\r\n``` shell\r\ncd ~\r\ngit clone https://github.com/sineverba/cfhookbash.git\r\n```\r\n\r\n\r\n### Classic mode: Configuration\r\n\r\n1. Create a file `domains.txt` **in the folder of `dehydrated`**\r\n2. Put inside a list of domains that need certificates. Multiple (sub)domains on a single line will end up on a single certificate. \r\n\r\n``` shell\r\nexample.com www.example.com\r\nhome.example.net *.home.example.net\r\n[...]\r\n```\r\n3. Move to the folder of `cfhookbash`\r\n3. Copy `config.default.sh` to `config.sh`\r\n4. Edit `config.sh`. To get values:\r\n\r\n| Value          | Where to find | Deprecated? |\r\n| -------------- | ------------- | ----------- |\r\n| Zone ID        | Main page domain \u003e Right Column \u003e API section | N |\r\n| API Token      | Account \u003e My Profile \u003e API Tokens \u003e Create Token \u003e API token templates \u003e \"Edit zone DNS\" | N |\r\n| Global API Key | Account \u003e My Profile \u003e API Tokens \u003e Api Keys \u003e Global API Key | Y, from 4.1.0  |\r\n\r\nYou can choose between using an **API token** and using your **global API key**. It is preferred to create a token, since tokens can be restricted to just the permission to edit DNS records in chosen zones (the `DNS:Edit` permission).\r\n\r\nIf you choose to use an API token, it must be filled into `api_token`. If you want to use your global API key, instead use `global_api_key` and `email`.\r\n\r\n`Global API key` is deprecated and will be removed in future version.\r\n\r\n### Classic mode: Usage\r\n\r\nMake a first run with `CA=\"https://acme-staging-v02.api.letsencrypt.org/directory\"` placed in a `config` file in root directory of `dehydrated`.\r\n\r\n``` shell\r\n./dehydrated -c -t dns-01 -k '${PATH_WHERE_YOU_CLONED_CFHOOKBASH}/cfhookbash/hook.sh'\r\n```\r\n\r\nYou will find the certificates inside `~/dehydrated/certs/[your.domain.name]`.\r\nIf you are using dehydrated with a config file and, you can speed up the requests for certificates with multiple (sub)domains by using `HOOK_CHAIN=\"yes\"`.\r\n\r\n\r\n### Classic mode: Post deploy\r\nYou can find in `hook.sh` a recall to another file (`deploy.sh`).\r\nHere you can write different operation to execute **AFTER** every successfull challenge.\r\n\r\nThere is a stub file `deploy.config.sh`.\r\n\r\nUsage:\r\n\r\n``` shell\r\ncp deploy.config.sh deploy.sh \u0026\u0026 rm deploy.config.sh \u0026\u0026 nano deploy.sh\r\n```\r\n\r\n### Classic mode: Cronjob\r\n\r\nRemember that some action require sudo privilege (start and stop webserver, e.g.).\r\n\r\nBest is run as root and running in cronjob specify full paths.\r\n\r\nFollowing script will run every monday at 4AM and will create a log in home folder.\r\n\r\n`$ sudo crontab -e`\r\n\r\n``` shell\r\n0 4 * * 1 cd /home/\u003cUSER\u003e/dehydrated \u0026\u0026 /home/\u003cUSER\u003e/dehydrated/dehydrated -c -t dns-01 -k '/home/\u003cUSER\u003e/cfhookbash/hook.sh' \u003e\u003e /home/\u003cUSER\u003e/cfhookbash-`date +\\%Y-\\%m-\\%d-\\%H-\\%M-\\%S`.log 2\u003e\u00261\r\n```\r\n\r\n#### Update / upgrade\r\n+ Move to folder where you downloaded it\r\n+ Type `git checkout master \u0026\u0026 git pull`\r\n\r\n#### Commons error messages\r\n\r\n| Error | Solution |\r\n| ----- | -------- |\r\n| Could not route to /zones/dns_records, perhaps your object identifier is invalid? No route for that URI | Check your `Zone ID` value. There probably is something wrong. |\r\n| /home/YOUR_USER/cfhookbash/hook.sh: line XX: jq: command not found | Install `jq` (`sudo apt install jq`) and try again |\r\n| {\"code\": 1001, \"error\": \"method_not_allowed\"} | Update this script by running `git pull` |\r\n\r\n### Contributing\r\nEveryone is welcome to contribute! See `CONTRIBUTING.md`\r\n\r\n### Contributors, credits and bug discovery :)\r\n\r\n+ YasharF\r\n+ Ramblurr\r\n+ Dav999-v\r\n+ fallingcats\r\n+ simondeziel\r\n\r\nInspired by\r\n+ [https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt](https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt)\r\n+ [https://github.com/kappataumu/letsencrypt-Cloudflare-hook](https://github.com/kappataumu/letsencrypt-Cloudflare-hook)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsineverba%2Fcfhookbash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsineverba%2Fcfhookbash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsineverba%2Fcfhookbash/lists"}