Obtain Let's Encrypt Certificate using Docker and DNS challenge (Cloudflare)

Introduction

This guide explains how to obtain Let's Encrypt certificates using Docker and the Certbot image. Validation is done with the DNS-01 challenge: Certbot creates a temporary _acme-challenge TXT record in your zone through the provider's API, so no inbound HTTP port is required and wildcard certificates are possible. The commands below use the Cloudflare plugin image (certbot/dns-cloudflare); other providers have their own certbot/dns-<provider> images with analogous flags and credential keys.

Step 1: Create Credential File

Prepare the DNS API credentials required for Certbot to perform DNS-based domain validation.

sudo mkdir -p /path/to/certs
sudo nano /path/to/certs/provider.ini

Add the following content to the provider.ini file. The key names must match what the dns-cloudflare plugin reads; it rejects any other names. The recommended form is a scoped API token with the Zone:DNS:Edit permission on the zone(s) being validated:

dns_cloudflare_api_token = your_api_token_here

The older global API key is also accepted, but it grants full access to the whole Cloudflare account and should be avoided:

dns_cloudflare_email = example@email
dns_cloudflare_api_key = your_global_api_key_here

If you use another provider's plugin image, use the key names documented for that plugin instead.

Secure the credential file. Certbot warns when the file is readable by group or others, and anyone who can read it can modify your DNS zone:

sudo chmod 700 /path/to/certs
sudo chmod 600 /path/to/certs/provider.ini

Step 2: Obtain Certificates

Use the following Docker command to obtain the certificates:

docker run --rm \
-v /path/to/certs:/etc/letsencrypt \
-v /path/to/certs/provider.ini:/etc/letsencrypt/provider.ini \
certbot/dns-cloudflare \
certonly \
--dns-cloudflare \
--dns-cloudflare-credentials /etc/letsencrypt/provider.ini \
--non-interactive \
--agree-tos \
--email you@example.com \
-d yourdomain.com

Replace the following placeholders:

- /path/to/certs: the host directory that will hold the credential file and the issued certificates; it is mounted into the container as /etc/letsencrypt.
- /etc/letsencrypt/provider.ini: the credential file path as seen inside the container (the second -v line mounts the file there; because the whole directory is already mounted, it is also reachable without that extra mount).
- you@example.com: the contact address Let's Encrypt uses for expiry and security notices.
- yourdomain.com: the domain to issue the certificate for; repeat -d for additional names.

To test the setup without consuming Let's Encrypt rate limits, add --dry-run, which performs the whole exchange against the staging environment and saves nothing.

Step 3: Certificate Details

The certificates will be stored in:

/path/to/certs/live/yourdomain.com/

This directory contains symlinks to the current versions of the following files (the actual files live in /path/to/certs/archive/yourdomain.com/):

- privkey.pem: the private key for the certificate. Keep it readable by root (or the service user) only.
- cert.pem: the server certificate alone.
- chain.pem: the intermediate certificate(s) leading to the Let's Encrypt root.
- fullchain.pem: cert.pem followed by chain.pem; this is what most servers (nginx, Apache, HAProxy) expect together with privkey.pem.
- README: a short note from Certbot describing these files.

Point your server at the live/ symlinks rather than at archive/ so that a renewal is picked up without editing its configuration.

Troubleshooting

If the process fails, check the following:

- Credential keys: the file must use the exact key names the plugin expects (dns_cloudflare_api_token, or dns_cloudflare_email plus dns_cloudflare_api_key). A typo in a key name is reported as a missing property.
- Token permissions: the API token needs Zone:DNS:Edit on the zone being validated. A read-only token can look the zone up but cannot create the _acme-challenge TXT record.
- File permissions: the credential file should be mode 600 and the directory 700; Certbot warns about unsafe permissions, and the warning usually means the wrong file or path was mounted.
- DNS propagation: if Let's Encrypt does not see the TXT record in time, raise the wait with --dns-cloudflare-propagation-seconds (the default is 10 seconds).
- Logs: Certbot writes /var/log/letsencrypt/letsencrypt.log inside the container. Mount a host directory there (for example -v /path/to/certs/logs:/var/log/letsencrypt) if you need the log after the container exits.
- Rate limits: repeated failed or duplicate issuance against production counts against Let's Encrypt rate limits; debug with --dry-run first.

Renewing Certificates

Let's Encrypt certificates are valid for 90 days. Rerunning the Step 2 command works but is not the intended path: Certbot detects the existing certificate and, in non-interactive mode, keeps it unless it is within 30 days of expiry. The proper way is Certbot's renew subcommand with the same image and the same volume mount. It reads each certificate's renewal configuration under /path/to/certs/renewal/, which records the plugin and the in-container credential path (/etc/letsencrypt/provider.ini), so the credential file must still be present at that path. Run it from cron or a systemd timer once or twice a day; it only contacts Let's Encrypt when a certificate is actually due. After a renewal, reload the service that uses the certificate so it picks up the new files from live/.
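The following script is an added example, not part of the original guide. It wraps Steps 1 and 2 and the renewal above in POSIX sh functions: it writes the credential file with the key name the dns-cloudflare plugin reads, refuses to run the container if the file is not mode 600, issues or renews through certbot/dns-cloudflare, and checks how close an issued certificate is to expiry. It assumes a Linux host with GNU stat and openssl, a Cloudflare API token (Zone:DNS:Edit on the target zone) in the CF_API_TOKEN environment variable, and a DOCKER variable that defaults to docker and can be set to echo for a dry run; none of these names come from the page.

```shell
#!/bin/sh
# Added example (not from the original guide): wrapper around the
# certbot/dns-cloudflare container workflow.
# Assumptions: Linux host with GNU stat and openssl; Cloudflare API token in
# CF_API_TOKEN; DOCKER may be overridden (e.g. DOCKER=echo) to dry-run.
set -eu

CERT_DIR="${CERT_DIR:-/path/to/certs}"   # host dir, mounted as /etc/letsencrypt
CREDS_NAME="provider.ini"
CERTBOT_IMAGE="certbot/dns-cloudflare"
DOCKER="${DOCKER:-docker}"

# Create the credential file with the key the plugin actually reads.
# The umask makes the file mode 600 from the moment it exists, so the
# token is never readable by other local users, not even briefly.
write_cloudflare_credentials() {
    dir="$1"; token="$2"
    mkdir -p "$dir" && chmod 700 "$dir"
    ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$dir/$CREDS_NAME" )
    printf '%s\n' "$dir/$CREDS_NAME"
}

# Succeed only for mode 600. Certbot merely warns about looser modes;
# a token that can edit the zone deserves a hard refusal.
check_credentials_mode() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# run_certbot issue <domain> <email> | run_certbot renew
# 'issue' is the certonly command from Step 2. 'renew' uses certbot's own
# renew subcommand, which reads the credential path saved in
# /etc/letsencrypt/renewal/<domain>.conf, so only the volume mount is needed.
run_certbot() {
    action="$1"; domain="${2:-}"; email="${3:-}"
    check_credentials_mode "$CERT_DIR/$CREDS_NAME" || {
        echo "refusing to run: $CERT_DIR/$CREDS_NAME is not mode 600" >&2
        return 1
    }
    case "$action" in
        issue)
            set -- certonly --dns-cloudflare \
                --dns-cloudflare-credentials "/etc/letsencrypt/$CREDS_NAME" \
                --dns-cloudflare-propagation-seconds 30 \
                --non-interactive --agree-tos --email "$email" -d "$domain" ;;
        renew)
            set -- renew --non-interactive ;;
        *)
            echo "usage: run_certbot issue <domain> <email> | renew" >&2
            return 2 ;;
    esac
    "$DOCKER" run --rm -v "$CERT_DIR:/etc/letsencrypt" "$CERTBOT_IMAGE" "$@"
}

# Return 0 if the certificate in $1 expires within $2 days (time to renew).
# 'openssl x509 -checkend N' exits 0 when the cert is still valid N seconds
# from now, so the result is negated.
cert_expires_within_days() {
    pem="$1"; days="$2"
    ! openssl x509 -noout -checkend "$((days * 86400))" -in "$pem"
}

# Command-line entry point; nothing runs when the file is only sourced.
case "${1:-}" in
    issue) write_cloudflare_credentials "$CERT_DIR" "$CF_API_TOKEN" >/dev/null
           run_certbot issue "$2" "$3" ;;
    renew) run_certbot renew ;;
    check) if cert_expires_within_days "$CERT_DIR/live/$2/fullchain.pem" 30; then
               echo "$2: expires within 30 days, renew"
           else
               echo "$2: ok"
           fi ;;
esac
```

A cron line such as `0 3 * * * CERT_DIR=/path/to/certs /usr/local/bin/cf-certbot.sh renew` (file name assumed) is enough for unattended renewal; Certbot itself decides whether a renewal is due, so running it daily costs nothing against rate limits.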

Official Documentation

- Certbot user guide: https://eff-certbot.readthedocs.io/
- certbot-dns-cloudflare plugin: https://certbot-dns-cloudflare.readthedocs.io/

Conclusion

You have obtained a Let's Encrypt certificate using Docker and DNS-based validation, with the provider credentials kept in a root-only file on the host. Refer to the Certbot documentation above for further details and advanced configurations such as wildcard names and deploy hooks.