LetsEncrypt SSL for Private Servers via Cloudflare - 09/26/23 08:25 PM
Some notes about how all this worked on a CentOS 7 server, since I'll surely forget next time I have to do this:
In Cloudflare:
- Add a DNS A record for server1.example.com pointing to the private IP, e.g. 192.168.50.5
- Navigate to "My Profile>API Tokens>Create Token"
- Add a token with DNS edit access for the domain in question; restrict it to a single public IP if that is the only address it will be used from
- Copy the token to your clipboard
On the CentOS server as root:
Code
mkdir -p /root/.data   # create the credentials directory first
nano /root/.data/token.ini
# add this line:
# dns_cloudflare_api_token = <paste Cloudflare token here>
chmod 0700 /root/.data
chmod 0400 /root/.data/token.ini
yum install epel-release
yum install certbot python2-certbot-apache
yum install -y python2-cloudflare python2-certbot-dns-cloudflare
sudo certbot certonly --cert-name example.com --dns-cloudflare --dns-cloudflare-credentials /root/.data/token.ini --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" -d example.com
crontab -e
# add this line:
# 30 2 * * * certbot renew --noninteractive
Now the certificate, private key, and chain files should be saved in /etc/letsencrypt/live/example.com/
Finally, install the certificate for Apache:
Code
nano /etc/httpd/conf.d/ssl.conf
Uncomment the following lines under the <VirtualHost _default_:443> section and enter the correct file paths:
Code
DocumentRoot "/var/www/yourdomain.com"
ServerName server1.example.com:443
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
Save the file and run:
Code
systemctl restart httpd
You should now be able to browse to https://server1.example.com and avoid any "insecure" warnings!
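A small post-setup check script, added here as an example and not part of the original post, that verifies the things this procedure depends on: the token directory and token.ini carry the restrictive modes set above, the issued cert.pem is not close to expiry, its Subject Alternative Names cover both the wildcard and the bare domain, and the root crontab actually contains the renew job. The default paths (/root/.data/token.ini, /etc/letsencrypt/live/example.com, example.com) are the ones used in the post; all three can be overridden as arguments so the checks can be tried against a scratch directory. It relies on GNU stat and on openssl x509 -checkend, both available on CentOS 7.

```shell
#!/bin/sh
# Post-setup checks for the Cloudflare DNS-challenge procedure. Added example,
# not from the original post. Paths default to the ones the post uses.

# check_mode FILE WANT: succeed only if FILE exists and its octal mode is exactly
# WANT (e.g. 400). -L follows symlinks, which certbot uses under live/.
check_mode() {
    have=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    [ "$have" = "$2" ]
}

# cert_valid_for_days CERT DAYS: succeed if the PEM certificate is readable and
# does not expire within DAYS days (-checkend takes seconds).
cert_valid_for_days() {
    [ -r "$1" ] || return 1
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# cert_covers_name CERT NAME: succeed if NAME is listed as a DNS SAN. Uses -text
# rather than -ext so it also works with the OpenSSL 1.0.2 shipped on CentOS 7.
cert_covers_name() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' \
        | grep -qF -- "DNS:$2"
}

# cron_has_renew: succeed if the current user's crontab has a certbot renew entry.
cron_has_renew() {
    crontab -l 2>/dev/null | grep -q 'certbot renew'
}

# report LABEL CMD...: run CMD, print ok/FAIL with LABEL, record failure in rc.
report() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; rc=1; fi
}

# audit [TOKEN_FILE] [LIVE_DIR] [DOMAIN]: run every check; return 1 if any failed.
audit() {
    token=${1:-/root/.data/token.ini}
    live=${2:-/etc/letsencrypt/live/example.com}
    domain=${3:-example.com}
    rc=0
    report "$(dirname "$token") is mode 0700"    check_mode "$(dirname "$token")" 700
    report "$token is mode 0400"                 check_mode "$token" 400
    report "$live/cert.pem valid for 30+ days"   cert_valid_for_days "$live/cert.pem" 30
    report "$live/cert.pem covers *.$domain"     cert_covers_name "$live/cert.pem" "*.$domain"
    report "$live/cert.pem covers $domain"       cert_covers_name "$live/cert.pem" "$domain"
    report "crontab contains 'certbot renew'"    cron_has_renew
    return $rc
}

# Only run the audit when invoked as: sh ssl_check.sh audit [TOKEN_FILE] [LIVE_DIR] [DOMAIN]
case "${1:-}" in
    audit) shift; audit "$@" ;;
esac
```

Run it as root with `sh ssl_check.sh audit` after the certbot step; a non-zero exit means at least one line printed FAIL. To exercise the Cloudflare DNS challenge itself without waiting for the cron job, `certbot renew --dry-run` uses the same token.ini against the staging endpoint. Note that the separate cert.pem plus SSLCertificateChainFile layout above matches the Apache 2.4.6 that CentOS 7 ships; on Apache 2.4.8 and later SSLCertificateChainFile is deprecated and fullchain.pem in SSLCertificateFile is the usual choice.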