{"id":64,"date":"2020-03-04T01:21:56","date_gmt":"2020-03-03T17:21:56","guid":{"rendered":"http:\/\/wordpress-stage\/?p=64"},"modified":"2020-03-04T01:43:29","modified_gmt":"2020-03-03T17:43:29","slug":"64","status":"publish","type":"post","link":"https:\/\/blog.buck5060.tw\/?p=64","title":{"rendered":"certbot-dns-cloudflare: Using a Token for the dns-01 challenge"},"content":{"rendered":"<h1>TL;DR<\/h1>\n<ul>\n<li>On Ubuntu, install certbot with <code>certbot-auto<\/code>; the PPA and the official repo are both too old to support tokens <\/li>\n<li>Use pipenv to switch into certbot's directory and install the plugin with pip <\/li>\n<\/ul>\n<h1>Step by step<\/h1>\n<blockquote>\n<p>Check the command before you paste it <\/p>\n<\/blockquote>\n<h2>Install Certbot-auto<\/h2>\n<p>From [1]<\/p>\n<pre><code class=\"language-bash\">wget https:\/\/dl.eff.org\/certbot-auto \nsudo mv certbot-auto \/usr\/local\/bin\/certbot-auto \nsudo chown root \/usr\/local\/bin\/certbot-auto \nsudo chmod 0755 \/usr\/local\/bin\/certbot-auto \n\/usr\/local\/bin\/certbot-auto --help<\/code><\/pre>\n<h2>Install the certbot-dns-cloudflare Plugin<\/h2>\n<p>From [2]<\/p>\n<pre><code class=\"language-bash\"># Run in a root shell: certbot-auto creates this venv as root \nfind \/ -name certbot\n# [Output] \/opt\/eff.org\/certbot \ncd \/opt\/eff.org\/certbot\/venv \nsource bin\/activate \npip install certbot-dns-cloudflare \ndeactivate<\/code><\/pre>\n<h2>Configure the Cloudflare Token, Obtain the Certificate, and Schedule Renewal<\/h2>\n<p>From [3] <\/p>\n<pre><code class=\"language-bash\">sudo mkdir \/root\/.secrets\/ \nsudo chmod 700 \/root\/.secrets\/ \nsudo vim \/root\/.secrets\/cloudflare.ini \n# Enter: dns_cloudflare_api_token = CHANGEME \n# Create the token on Cloudflare with permissions Zone:Zone:Read, Zone:DNS:Edit for all zones \nsudo chmod 600 \/root\/.secrets\/cloudflare.ini \nsudo certbot-auto certonly \\\n--dns-cloudflare \\\n--dns-cloudflare-credentials 
\/root\/.secrets\/cloudflare.ini \\\n-d example.com \n# -vvv enables debug mode <\/code><\/pre>\n<p>From certbot crontab man page (?)<\/p>\n<pre><code class=\"language-bash\">sudo su - \ncrontab -e \n# Enter: 0 0 15 * * \/usr\/local\/bin\/certbot-auto renew --post-hook \"systemctl restart [SERVICE]\"<\/code><\/pre>\n<h1>What Happened, a.k.a. the Running Log<\/h1>\n<p>DNS-01 only needs a <code>txt<\/code> record, with no public network access and no TCP port 80. Something this good just has to be used<br \/>\nOn Ubuntu 18.04, I intuitively installed the packages with <code>sudo apt install certbot python3-certbot-dns-cloudflare<\/code><br \/>\nFound the documentation [3] and got straight to work<br \/>\nSince tokens are more secure and the documentation recommends them, I went with a token<br \/>\nWhen generating the certificate, this appeared <\/p>\n<pre><code class=\"language-bash\">Missing properties in credentials configuration file \/root\/.secrets\/cloudflare.ini: \n* Property dns_cloudflare_email not found (should be email address associated with Cloudflare account). \n* Property dns_cloudflare_api_key not found (should be API key for Cloudflare account, obtained from https:\/\/www.cloudflare.com\/a\/account\/my-account). 
<\/code><\/pre>\n<p>That is the Global Key<br \/>\nI searched the source code for the error message, and there is token-related code in there <\/p>\n<p>I forget where I saw it, but it might be a version problem<\/p>\n<pre><code class=\"language-bash\">apt-cache policy certbot | grep -i Installed <\/code><\/pre>\n<p>Ubuntu Repo: 0.27, on GitHub: 1.2 <\/p>\n<p>OK then, let's use the official Ubuntu PPA<br \/>\nPPA python-certbot version: 0.31<br \/>\nPPA python-certbot-dns-cloudflare version: 0.23<br \/>\nWTH <\/p>\n<p>I also found that the token was added in an update this year, 2020\/01, and first appears in 1.2<br \/>\nSo I had no choice but to install with certbot-auto <\/p>\n<p>Nothing more, I just wanted to complain<\/p>\n<h1>Reference<\/h1>\n<p>[1] <a href=\"https:\/\/certbot.eff.org\/docs\/install.html#certbot-auto\">https:\/\/certbot.eff.org\/docs\/install.html#certbot-auto<\/a><br \/>\n[2] <a href=\"https:\/\/devops.stackexchange.com\/questions\/3757\/how-to-install-certbot-plugins\">https:\/\/devops.stackexchange.com\/questions\/3757\/how-to-install-certbot-plugins<\/a><br \/>\n[3] <a href=\"https:\/\/certbot-dns-cloudflare.readthedocs.io\/en\/stable\/\">https:\/\/certbot-dns-cloudflare.readthedocs.io\/en\/stable\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TL;DR On Ubuntu, install certbot with certbot-auto; the PPA and the official repo are both too old to support &hellip; <a href=\"https:\/\/blog.buck5060.tw\/?p=64\" class=\"more-link\">Read more <span class=\"screen-reader-text\">certbot-dns-cloudflare: Using a Token for the 
dns-01challenge<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[15,17,18,16],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-it","tag-certbot","tag-cloudflare","tag-dns-01","tag-token"],"_links":{"self":[{"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64"}],"version-history":[{"count":9,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":73,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=\/wp\/v2\/posts\/64\/revisions\/73"}],"wp:attachment":[{"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.buck5060.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}