How to issue Let’s Encrypt wildcard certificate with acme.sh and Cloudflare DNS

You can use acme.sh and Cloudflare DNS to issue a Let’s Encrypt wildcard certificate. Here are the steps you can follow:

  1. Start by installing acme.sh by running the following command:

     ```sh
     curl https://get.acme.sh | sh
     ```

  2. Next, you will need to generate an API token for Cloudflare. This can be done by visiting the “My Profile” page on the Cloudflare website and then the “API Tokens” tab. Create a new API token with Edit zone DNS permissions.

  3. Run the following command to issue the wildcard certificate:

     ```sh
     export CF_Token="<your Cloudflare API token>"   # the DNS-edit token from step 2; acme.sh's dns_cf hook reads it from the environment
     acme.sh --issue --dns dns_cf -d example.com -d '*.example.com'   # quote the wildcard so the shell does not expand it
     ```

     Replace example.com with your domain name, and supply the Cloudflare API token you created so that the dns_cf hook can use it.

  4. The above command will create a wildcard certificate for example.com and *.example.com.
  5. You can also specify additional DNS providers with the --dns option.
  6. After the command is done, you will find the cert files in the ~/.acme.sh/example.com directory.
  7. You can install the cert files by running the following command:

     ```sh
     acme.sh --install-cert -d example.com --key-file /path/to/key.pem --fullchain-file /path/to/fullchain.pem
     ```

  8. Once the cert files are installed, you will need to configure your web server to use them.
  9. You can also use the acme.sh --renew command to renew the cert files.
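The issue command lists both example.com and *.example.com because a wildcard matches exactly one label below the apex, not the apex itself and not deeper subdomains. The following Python, an added example that is not from the original post or from acme.sh, implements the hostname-matching rules browsers apply to dNSName SANs and reports which of the hostnames you intend to serve would be left uncovered; the SAN list is constructed to mirror the command above, and in practice you would read it from fullchain.pem.

```python
"""Check that the hostnames a server will present are covered by the
SANs of a wildcard certificate issued as in the steps above.

Added example, not part of the original post or acme.sh. ISSUED_SANS is a
constructed list mirroring `-d example.com -d '*.example.com'`.
"""
from __future__ import annotations

# Constructed SAN list: what the issue command in the post produces.
ISSUED_SANS = ["example.com", "*.example.com"]


def san_matches(san: str, hostname: str) -> bool:
    """Match a hostname against one dNSName SAN with the rules browsers
    apply (RFC 6125 as narrowed by the CA/Browser Forum): case-insensitive,
    a wildcard is allowed only as the entire leftmost label, it stands for
    exactly one label, and it never matches the bare apex."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname           # non-wildcard names match exactly
    if "*" in san[1:]:
        return False                     # a second wildcard is never valid
    suffix = san[1:]                     # e.g. ".example.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]  # the part the wildcard stands for
    # Exactly one non-empty label: "www" matches, "" (apex) and "a.b" do not.
    return bool(leftmost) and "." not in leftmost


def uncovered_hostnames(sans: list[str], hostnames: list[str]) -> list[str]:
    """Return the hostnames that no SAN in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # Constructed list of names a web server might be configured to serve.
    served = ["example.com", "www.example.com", "api.example.com",
              "dev.api.example.com", "example.org"]
    for name in uncovered_hostnames(ISSUED_SANS, served):
        print(f"NOT covered by the issued certificate: {name}")
```

Run it before step 7 so that a name the wildcard does not reach (a second-level subdomain or a different apex) is caught before the web server presents the certificate for it.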

It’s important to keep in mind that the acme.sh script is a third-party tool, and that it may not always work correctly or may be updated in a way that breaks compatibility with your system.

It’s also important to note that Cloudflare offers free and paid plans, and the free plan has some limits; make sure you check the limits of the plan you have and the cost of the certificate.
