Some notes about how all this worked on a CentOS 7 server, since I'll surely forget next time I have to do this:
In Cloudflare:
- Add a DNS A record for server1.example.com pointing to the private IP, e.g. 192.168.50.5
- Navigate to "My Profile>API Tokens>Create Token"
- Add a token with DNS edit access for the domain in question; whitelist a single public IP only if that's all you need
- Copy the token to your clipboard
On the CentOS server as root:
nano /root/.data/token.ini #add this line: dns_cloudflare_api_token = <paste Cloudflare token here>
chmod 0700 /root/.data
chmod 0400 /root/.data/token.ini
yum install epel-release
yum install certbot python2-certbot-apache
yum install -y python2-cloudflare python2-certbot-dns-cloudflare
sudo certbot certonly --cert-name example.com --dns-cloudflare --dns-cloudflare-credentials /root/.data/token.ini --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" -d example.com
crontab -e #add this line: 30 2 * * * certbot renew --noninteractive
Now the certificate, private key, and chain files should be saved in /etc/letsencrypt/live/example.com/
Finally, install the certificate for Apache:
nano /etc/httpd/conf.d/ssl.conf
Uncomment the following lines under the <VirtualHost _default_:443> section and enter the correct file paths:
DocumentRoot "/var/www/yourdomain.com"
ServerName server1.example.com:443
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
Save the file and run:
You should now be able to browse to https://server1.example.com and avoid any "insecure" warnings!
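The cron entry above renews the certificate, but nothing reloads Apache afterwards, so httpd keeps serving the old certificate until it is restarted. As an added example (not part of the original notes), here is a certbot deploy hook that checks the renewed files before reloading httpd; the hook path, the token.ini location from above, and GNU coreutils plus openssl as shipped with CentOS 7 are assumptions.

```bash
#!/bin/bash
# Deploy hook for "certbot renew": sanity-checks the renewed files, then reloads httpd.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/reload-httpd.sh (mode 0755).
# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com) to deploy
# hooks; a lineage path may also be passed as $1 for a manual run.
# Assumes GNU coreutils (stat -c, date -d) and openssl, as on CentOS 7.

# 0 if the Cloudflare token file is readable by its owner only (mode 0400).
token_file_secure() {
  [ "$(stat -c %a "$1")" = "400" ]
}

# 0 if the certificate's public key matches the private key (works for RSA and EC keys).
cert_key_match() {
  [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2")" ]
}

# Prints the number of whole days until the certificate's notAfter date.
cert_days_left() {
  local end
  end=$(openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//')
  echo $(( ( $(date -u -d "$end" +%s) - $(date -u +%s) ) / 86400 ))
}

main() {
  local lineage="$1" cert key days
  cert="$lineage/cert.pem"; key="$lineage/privkey.pem"
  token_file_secure /root/.data/token.ini || { echo "token.ini must be mode 0400" >&2; return 1; }
  cert_key_match "$cert" "$key" || { echo "cert.pem and privkey.pem do not match" >&2; return 1; }
  days=$(cert_days_left "$cert")
  [ "$days" -gt 30 ] || { echo "renewed cert expires in only $days days" >&2; return 1; }
  # Never reload a config that will not parse: a failed reload takes the site down.
  apachectl configtest || return 1
  systemctl reload httpd && echo "httpd reloaded; certificate valid for $days more days"
}

lineage="${1:-${RENEWED_LINEAGE:-}}"
if [ -n "$lineage" ]; then main "$lineage"; fi
```

Run it by hand once with `RENEWED_LINEAGE=/etc/letsencrypt/live/example.com` set to confirm the checks pass before relying on it from cron.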