kategray closed this 1 month ago
Hmm. I didn't find it googling, but saw a reference to this script in another issue.
https://github.com/icing/mod_md/blob/master/contrib/md_events/dns_scripts/dns_add_cloudflare
Could have saved a few hours of time, though looking through the script it looks a fair bit less efficient, given that it gets all the domains to do it. Mine just makes an API call to get the ID.
Thanks for getting this to work and getting in touch. I do not have a cloud fronting myself, so it is always good to get feedback.
I think I'll point to this issue from the README, so people have an easier time finding a solution. While all other challenge methods are in control of Apache, the DNS and its visibility will vary from provider to provider and having the challenge script sleep for a while is perfectly fine, as ACME does not block anything else in the server.
If there's enough demand, I might convert this from being CF-specific to a more generalized approach, probably starting with Office 365 DNS and AWS.
It's not a hard thing to do, in particular. It's just a pain to do it right.
Closed as being stale.
Hello,
This isn't an issue, just a heads up in case you find this useful.
I was able to get wildcard domains working nicely in apache2 2.4.46-4+deb.sury.org+1+ubuntu20.04.1+deb.sury.org+5 with Cloudflare.
(Sorry for the version number, it's from the sury PPA).
I ended up writing a utility to use the Cloudflare API. I had to add a 5-second sleep in there to give CF a chance to catch up or it would cycle a lot.
https://github.com/kategray/dns-challenge-cloudflare
The config file I'm using is essentially: