https://github.com/socram8888/dehydrated-hook-cloudflare

Pure bash dehydrated dns-01 hook for CloudFlare
https://github.com/socram8888/dehydrated-hook-cloudflare

cloudflare cloudflare-hook dehydrated letsencrypt

Last synced: 4 months ago
JSON representation

Pure bash dehydrated dns-01 hook for CloudFlare

• Host: GitHub
• URL: https://github.com/socram8888/dehydrated-hook-cloudflare
• Owner: socram8888
• License: isc
• Created: 2017-04-27T09:31:49.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2024-07-14T10:08:53.000Z (over 1 year ago)
• Last Synced: 2024-07-14T11:25:46.525Z (over 1 year ago)
• Topics: cloudflare, cloudflare-hook, dehydrated, letsencrypt
• Language: Shell
• Size: 12.7 KB
• Stars: 24
• Watchers: 3
• Forks: 7
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          

dehydrated-hook-cloudflare

==========================

Single file, pure Bash [dehydrated](https://github.com/lukas2511/dehydrated) (formely letsencrypt.sh) hook using the [CloudFlare](https://cloudflare.com/) API implementing the [dns-01 ACME challenge](https://tools.ietf.org/html/draft-ietf-acme-acme).

Requirements

------------

 * [Bash](https://www.gnu.org/software/bash/)

 * [mawk](http://invisible-island.net/mawk/mawk.html) or [GNU AWK](https://www.gnu.org/software/gawk/)

 * [jq](https://github.com/stedolan/jq)

 * [publicsuffix](https://packages.debian.org/stable/publicsuffix)

 * [drill](https://nlnetlabs.nl/projects/ldns/about/) or [dig](https://packages.debian.org/stable/dnsutils)

All the packages are available on the latest [Debian](https://debian.org) stable (jessie, at the time of writing), and may be installed using:

```bash

sudo apt-get install bash gawk jq publicsuffix ldnsutils

```

Configuration

-------------

This hook supports authenticating using either a bearer token or the global API key. Both can be obtained at the ["API tokens"](https://dash.cloudflare.com/profile/api-tokens) section.

### Bearer token

This is the preferred method, as the allowed operations can be limited to updating a single DNS zone.

For this method, you'd need to `export` the `CF_TOKEN` variable, with a suitable token that has read/write access to the DNS zone for which you want to issue certificates.

### API key

This method is less secure, as if someone were capable of reading these keys they'd have full access to your account.

For this method, you'd need to `export` the `CF_EMAIL` and `CF_KEY` variables with your CloudFlare email and API key respectively.