Some notes about how this all this worked on a CentOS 7 server since I'll surely forget next time I have to do this:

In Cloudflare:
- Add DNS A record for server1.example.com and point to private IP ie. 192.168.50.5
- Navigate to "My Profile>API Tokens>Create Token"
- Add a token with DNS edit access for the domain in question, whitelist to single public IP only if that's all you need
- Copy the token to your clipboard

In CentOS server as root:
Code
nano /root/.data/token.ini #add this line: dns_cloudflare_api_token = <paste Cloudflare token here>
chmod 0700 /root/.data
chmod 0400 /root/.data/token.ini
yum install epel-release
yum install certbot python2-certbot-apache
yum install -y python2-cloudflare python2-certbot-dns-cloudflare 
sudo certbot certonly --cert-name example.com --dns-cloudflare --dns-cloudflare-credentials /root/.data/token.ini --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" -d example.com
crontab -e #add this line: 30 2 * * * certbot renew --noninteractive

Now the certificate, private key, and chain files should be saved in /etc/letsencrypt/live/example.com/

Finally, install the certificate for Apache:

Code
nano /etc/httpd/conf.d/ssl.conf

Uncomment the following lines under section <VirtualHost_default_:443> and enter the correct file paths:

Code
DocumentRoot “/var/www/yourdomain.com”
ServerName server1.example.com: 443
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Save the file and run:

Code
systemctl restart httpd

You should now be able to browse to https://server1.example.com and avoid any "insecure" warnings!

Last edited by Toner; 09/26/23 03:33 PM.

[Linked Image from web.atcomsystems.ca]
Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!