thumb

In the era of cybersecurity, SSL certificates serve as the cornerstone of web security, ensuring encrypted communication between servers and clients. Certbot simplifies this by automating the acquisition and deployment of SSL certificates, while its plugin, Certbot-DNS-Cloudflare, streamlines the DNS validation process for domains managed through Cloudflare. From this article, you will learn how to properly install Certbot and the Certbot-DNS-Cloudflare plugin on Ubuntu and similar operating systems.

What are Certbot and Certbot-DNS-Cloudflare?

Certbot is an open-source command-line tool developed by the Electronic Frontier Foundation (EFF) that automates the process of obtaining and installing SSL/TLS certificates. It aims to simplify the manual steps involved in setting up a secure HTTPS connection. Certbot is widely trusted and used by system administrators to secure web servers and other services that use SSL/TLS encryption.

Certbot-DNS-Cloudflare is a plugin for Certbot that provides an easy way to obtain SSL certificates for domains managed by Cloudflare. The plugin automates the Domain Name System (DNS) validation step required by the Certificate Authority (CA) to issue an SSL certificate. This means you don’t have to manually create DNS records to prove ownership of your domain; the plugin does it for you, leveraging Cloudflare’s API.

Together, Certbot and its DNS-Cloudflare plugin offer a robust, automated solution for securing your website and services with SSL, especially if you are using Cloudflare as your DNS provider.

Prerequisites

Before diving into the installation process, it’s essential to make sure you have the following prerequisites met:

  1. Domain Name and Cloudflare Account: You should already have a domain name registered and managed through Cloudflare. If you haven’t set this up yet, please do so before continuing.

  2. Ubuntu or Similar OS: This guide is tailored for Ubuntu and similar operating systems like Debian. Ensure you have one of these operating systems installed on the server where you plan to deploy your SSL certificate.

  3. Root or Sudo Access: You’ll need root or sudo access to your server to execute many of the commands required for this installation.

Once you’ve checked off these prerequisites, you’re all set to proceed with installing Certbot and the Cloudflare DNS plugin.

Let’s begin

Installing Certbot and the Cloudflare DNS plugin on Ubuntu becomes a breeze when using snapd, which is the recommended method according to the official Certbot website. Before proceeding, make sure snapd is installed on your system.


Start by removing any older versions (if any) of certbot to avoid conflicts. If you’ve previously installed certbot from apt, remove it.

sudo apt remove certbot

Now, you can install Certbot using snap.

sudo snap install --classic certbot

You may need to create a symbolic link to ensure that the certbot command can be run easily without explicitly declaring the path.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Now the crucial step before actually installing the plugin. You need to prepare Certbot to work with the Cloudflare DNS plugin. By default, the Certbot snap package is designed to be cautious about running plugins with root access for security reasons. The trust-plugin-with-root=ok setting relaxes this constraint, allowing you to install and use the Cloudflare DNS plugin, which requires root access to function properly. This step is crucial because it ensures that you’ve manually allowed the operation, acknowledging the security implications.

sudo snap set certbot trust-plugin-with-root=ok

Note! When you’re installing Certbot and its plugins via Snap, the sudo snap set certbot trust-plugin-with-root=ok command is used to explicitly give permission for the Certbot snap package to trust plugins that will run with root privileges.


Finally, install the Cloudflare DNS plugin for Certbot.

sudo snap install certbot-dns-cloudflare

To verify that certbot is installed correctly, you can run:

certbot --version
certbot 2.6.0

And for certbot-dns-cloudflare, the plugin should be listed under the plugins section when you run:

certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...

* dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using
Cloudflare for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-cloudflare =
certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator

...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

That’s it! You’ve successfully installed certbot and certbot-dns-cloudflare. Now you can go ahead and configure SSL for your domains. If you’re interested in learning the specifics of actually creating an SSL certificate, you can refer to my other article here, which provides a detailed guide on how to create an SSL certificate using Certbot and the Cloudflare DNS plugin.

Conclusion

Manually setting up SSL certificates can be a daunting task, especially if you’re dealing with DNS validation and multiple steps of configuration. Thankfully, tools like Certbot and the Cloudflare DNS plugin have simplified this process, automating many of the steps involved. By following this step-by-step guide, you should now have a properly installed Certbot and the Cloudflare DNS plugin and ready to create SSL certificate for your domain, managed effortlessly through Cloudflare’s DNS services.

I hope this article has aided you in understanding how to properly install Certbot and the Cloudflare DNS plugin on Ubuntu and similar operating systems. If you found this article helpful, feel free to leave a comment :smiley:

Thank you for reading, and may your web services always be secure!

Additional resources: