====== certbot command cheatsheet ======
[[https://certbot.eff.org/|Certbot official site]]
===== install certbot =====
<code bash>
$ sudo apt install certbot
</code>
===== install cloudflare dns validation plugin =====
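<code bash>
# The Certbot plugin is packaged as certbot-dns-cloudflare;
# the "cloudflare" package alone is only the API client library.
$ pip install certbot-dns-cloudflare
</code>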
===== issue new certificate for a domain, using cloudflare DNS validation =====
<code bash>
# Quote the wildcard so the shell passes it to certbot unexpanded
certbot certonly \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --renew-by-default \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/cloudflare.ini \
  -d '*.example.com'
</code>
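For Cloudflare DNS validation to work, you need an API token in ~/cloudflare.ini:
<code ini>
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
</code>
Then restrict the file so that only its owner can read or write it:
<code bash>
$ chmod 600 ~/cloudflare.ini
</code>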
The API token requires the following permissions:
  * zone - DNS - edit
  * zone - zone - read
  * zone - zone settings - read
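
A pre-flight check for the credentials file described above, as an added example that is not part of the original cheatsheet. The function name ''check_cf_credentials'' is hypothetical; it verifies mode 600, ownership, and that the file holds a scoped ''dns_cloudflare_api_token'' rather than the plugin's legacy global-key settings (''dns_cloudflare_api_key'' / ''dns_cloudflare_email'').

```shell
#!/bin/sh
# Added example: validate a certbot-dns-cloudflare credentials file
# before handing it to certbot. check_cf_credentials is a hypothetical helper.
# Usage: check_cf_credentials ~/cloudflare.ini
# Returns 0 if the file is safe to use, 1 otherwise (reasons go to stderr).
check_cf_credentials() {
    file=$1
    rc=0

    # Refuse symlinks and anything that is not a regular file
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # Mode must be exactly 600 (owner read/write only)
    if [ -z "$(find "$file" -prune -perm 600)" ]; then
        echo "$file: mode is not 600; run: chmod 600 $file" >&2
        rc=1
    fi

    # The file must belong to the user who will run certbot
    if [ -z "$(find "$file" -prune -user "$(id -u)")" ]; then
        echo "$file: not owned by the current user" >&2
        rc=1
    fi

    # A scoped API token entry with a non-empty value must be present
    if ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file"; then
        echo "$file: no dns_cloudflare_api_token entry" >&2
        rc=1
    fi

    # The global API key grants account-wide access; reject it
    if grep -Eq '^[[:space:]]*dns_cloudflare_(api_key|email)[[:space:]]*=' "$file"; then
        echo "$file: contains global API key settings; use a scoped token" >&2
        rc=1
    fi

    return $rc
}
```
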