Post4VPS Forum | Free VPS Provider
acmetool (Alternative Let's Encrypt client) | DNS Auth using Cloudflare - Printable Version

+- Post4VPS Forum | Free VPS Provider (https://post4vps.com)
+-- Forum: VPS Discussion (https://post4vps.com/Forum-VPS-Discussion)
+--- Forum: Tutorials (https://post4vps.com/Forum-Tutorials)
+--- Thread: acmetool (Alternative Let's Encrypt client) | DNS Auth using Cloudflare (/Thread-acmetool-Alternative-Let-s-Encrypt-client-DNS-Auth-using-Cloudflare)

acmetool (Alternative Let's Encrypt client) | DNS Auth using Cloudflare - Conan - 11-20-2016

acmetool - An Alternative for CertBot | DNS Auth for Cloudflare
acmetool is an alternative client for acme CAs like Let's encrypt. It's easier to use as well. One of the biggest differences is it doesn't configure the web servers for you. It offers autorenewal using cron. (With certbot, you need to manually setup the cronjob)
I will be helping you to compile it from source Smile THen setup for DNS auth using cloudflare.

NOTE: This is for CentOS only. (only tested on 7) I will be continuing writing this next week. (I'll add instructions for other distros)

Links:
https://github.com/hlandau/acme

Installation of Requirements
CentOS
Spoiler Expand
[unix]
sudo yum install -y epel-release make libcap-devel golang nginx python34 bind-utils
curl -O https://bootstrap.pypa.io/get-pip.py
sudo /usr/bin/python3.4 get-pip.py
[/unix]

1. Let's get the source first.
[unix]
cd ~
git clone https://github.com/hlandau/acme
[/unix]

2. Compiling the code
[unix]
make
sudo make install
[/unix]

3. acmetool setup
[unix]
sudo acmetool quickstart
[/unix]
When asked for what ACME server to use, please select the Live server by pressing "1" then press enter.
When asked for what challenge to use, please select hook by pressing "6" then press enter.

4. Setup the hooks that is needed
[unix]
cd /usr/libexec/acme/hooks
wget https://github.com/yinguanhao/acme-dns-hook-cloudflare/raw/master/dns.hook
[/unix]

Get the API key for your cloudflare account
Spoiler Expand
Go to https://www.cloudflare.com/a/login and login.
Go to your settings and click "View API Key" on Global API Key. (It should be like this "e62848e7da4da13dcc35a238cae8684b7fe4f")
[spoiler]
Configuring the hook file
[spoiler]
open dns.hook on your favorite text editor then go to line 45.
Replace "EMAIL" with your email. Then Replace "KEY" with your API key. Enclose both with double quotes.
Ex.
Code:
headers = {
    'X-Auth-Email': "test@example.com",
    'X-Auth-Key': "e62848e7da4da13dcc35a238cae8684b7fe4f",
    'Content-Type': 'application/json'
}
Save the file.
Testing the hook
Spoiler Expand
[unix]
python3 dns.hook test test.domain.tld #Replace with your domain
[/unix]
If it outputs an error please check the Email and Key

5. Getting a certificate
This is the easy part Smile
[unix]
acmetool want domain.tld www.domain.tld sub.domain.tld #Replace with your domains
[/unix]


Certificates are stored in /var/lib/acme/live/domain.tld

Extra Notes:
Use "/var/lib/acme/live/domain.tld/fullchain" when configuring your webserver
The private key is stored in "/var/lib/acme/live/domain.tld/privkey".
(Change domain.tld to your domain of course)
I don't remember if it asks you to setup cronjobs on quickstart, if it asked you select yes. (This is for auto renewal)

RE: acmetool (Alternative Let's Encrypt client) | DNS Auth using Cloudflare - Neco - 12-02-2016

Great tutorial. With this tool you do not need to setup the webserver so it's easier to setup.