Install certbot
Step 1-5: CentOS 7: install certbot to register wildcard SSL certificate
Using certbot to register SSL certificate for multiple domains
Step 6: Confirm plugin containment level
sudo snap set certbot trust-plugin-with-root=ok
Step 7: Install correct DNS plugin for Cloudflare
sudo snap install certbot-dns-cloudflare
Result:
[root@tutorialspots ~]# sudo snap set certbot trust-plugin-with-root=ok
[root@tutorialspots ~]# sudo snap install certbot-dns-cloudflare
certbot-dns-cloudflare 1.28.0 from Certbot Project (certbot-eff✓) installed
Step 8: Set up credentials
Create the file ~/.secrets/certbot/cloudflare.ini with the following content:
dns_cloudflare_email = youremail@gmail.com
dns_cloudflare_api_key = f6438adcdxxxxxxxxxxxxxxxxfef7f3
You can create it with these commands:
mkdir ~/.secrets
mkdir ~/.secrets/certbot
echo -e "dns_cloudflare_email = youremail@gmail.com\ndns_cloudflare_api_key = f6438adcdxxxxxxxxxxxxxxxxfef7f3" > ~/.secrets/certbot/cloudflare.ini
Then restrict the file's permissions to 600, so only its owner can read it:
chmod 0600 ~/.secrets/certbot/cloudflare.ini
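The commands in Step 8 leave the file readable by other users until the chmod runs, and put the API key in shell history; certbot prints "Unsafe permissions on credentials configuration file" when the file is still accessible to group or others. The following is an added example, not part of the original tutorial, that creates the file with tight permissions from the start and checks the result. The function names write_cf_credentials and credentials_mode_ok are hypothetical, and GNU stat (as on CentOS 7) is assumed.

```shell
# Added example, not from the original tutorial. Function names are
# hypothetical; stat -c assumes GNU coreutils (CentOS 7).

# write_cf_credentials DIR EMAIL
# Reads the API key from standard input (so it never appears in shell
# history) and writes DIR/cloudflare.ini. The directory is 0700 and the
# file 0600 from the moment they are created.
write_cf_credentials() (
    dir=$1
    email=$2
    IFS= read -r key || :              # tolerate a key without trailing newline
    [ -n "$key" ] || exit 1            # refuse to write an empty key
    umask 077 &&                       # new dirs 0700, new files 0600
    mkdir -p "$dir" &&
    chmod 700 "$dir" &&                # tighten a directory that already existed
    printf 'dns_cloudflare_email = %s\ndns_cloudflare_api_key = %s\n' \
        "$email" "$key" > "$dir/cloudflare.ini" &&
    chmod 600 "$dir/cloudflare.ini"    # tighten a file that already existed
)

# credentials_mode_ok FILE
# Exit 0 if FILE grants nothing to group or others, 1 if it does,
# 2 if the file cannot be examined.
credentials_mode_ok() (
    mode=$(stat -c '%a' "$1") || exit 2
    case $mode in
        0|*00) exit 0 ;;               # e.g. 600, 400
        *)     exit 1 ;;               # e.g. 644, 640
    esac
)

# Usage (type or paste the key at the prompt, then press Enter):
#   write_cf_credentials ~/.secrets/certbot youremail@gmail.com
#   credentials_mode_ok ~/.secrets/certbot/cloudflare.ini && echo "permissions OK"
```

The Cloudflare plugin also accepts a scoped API token through dns_cloudflare_api_token in place of the email and global API key, which limits what a leaked credentials file exposes.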
Step 9: register SSL certificate for multiple domains
certbot certonly \
  --agree-tos \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --dns-cloudflare-propagation-seconds 30 \
  -d domain1.com -d domain2.com -d domain3.com -d domain4.com
Result:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for domain1.com and 9 more domains
Unsafe permissions on credentials configuration file: /root/.secrets/certbot/cloudflare.ini
Waiting 30 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain1.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/domain1.com/privkey.pem
This certificate expires on 2022-09-07.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To renew or expand the certificate:
certbot certonly \
  --agree-tos \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --dns-cloudflare-propagation-seconds 30 \
  -d domain1.com -d domain2.com -d domain3.com -d domain4.com -d \*.domain1.com
Result:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/domain1.com.conf)
It contains these names: domain1.com, domain2.com, domain3.com, domain4.com
You requested these names for the new certificate: domain1.com, domain2.com, domain3.com, domain4.com, *.domain1.com.
Do you want to expand and replace this existing certificate with the new certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate for domain1.com and 14 more domains
Waiting 30 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain1.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/domain1.com/privkey.pem
This certificate expires on 2022-09-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -