Generate Let's Encrypt SSL Certificate Using Cloudflare DNS

This guide will walk you through the process of generating a Let's Encrypt SSL certificate using Cloudflare DNS validation. This method is particularly useful for servers that don't have direct HTTP access or when you want to automate certificate renewal. This was tested on Ubuntu 24.04.

Prerequisites

Ensure you have curl installed.
A domain name with Cloudflare DNS management
Cloudflare API credentials

Installation Steps

1. Install acme.sh

First, download and install acme.sh with your email address:

curl https://get.acme.sh | sh -s email=your_cloudflare_email

2. Configure Let's Encrypt as Default CA

Set Let's Encrypt as your default certificate authority:

acme.sh --set-default-ca --server letsencrypt

3. Configure Cloudflare API Credentials

Set up your Cloudflare API credentials as environment variables:

export CF_Token="your_cloudflare_api_token"
export CF_Account_ID="your_cloudflare_account_id"
export CF_Zone_ID="your_cloudflare_zone_id"

4. Generate Certificate

Issue a new certificate for your domain:

acme.sh --issue --dns dns_cf -d example.com

Replace example.com with your actual domain name.

Additional Notes

The certificate will be automatically renewed when it's close to expiration
Make sure to keep your Cloudflare API credentials secure
You can add multiple domains by adding additional -d parameters

Prerequisites​

Installation Steps​

1. Install acme.sh​

2. Configure Let's Encrypt as Default CA​

3. Configure Cloudflare API Credentials​

4. Generate Certificate​

Additional Notes​