
Example script for cloudflare dns

Open gnordli opened this issue 7 years ago • 5 comments

Does anyone have an example script with cloudflare dns authorization and alternate names? It would be great to have this added to the documentation.
thanks!!

gnordli avatar Oct 11 '17 22:10 gnordli

@gnordli, are you familiar with the Cloudflare APIs?

ebekker avatar Oct 26 '17 17:10 ebekker

Hi @ebekker

I use the cloudflare dns with acme.sh on Linux, which is working fine. Just looking for a quick example script that is using the current code with alternate names. For whatever reason I couldn't get it working properly.
thanks!!

gnordli avatar Oct 26 '17 17:10 gnordli

Unfortunately, the Cloudflare Provider was contributed by @janpieterz so I'm not too familiar with it or the inner workings. Perhaps he may be able to provide some guidance.

ebekker avatar Oct 26 '17 17:10 ebekker

Hi @gnordli , yeah, I do have some examples.

This is in pure powershell, so you might have to adjust it a bit. You provide the domain and alternative domains as before, depending on what your script is based on (unfamiliar with the acme.sh variant). For each alternate domain, after retrieving the ACMEIdentifier (either through New- or Get-), you execute something like:

```powershell
# $result holds the identifier returned by New-ACMEIdentifier / Get-ACMEIdentifier for $alias.
# Has the dns-01 challenge for this identifier already been submitted to the CA?
if ( ! ($result.Challenges | Where-Object { $_.Type -eq 'dns-01' -and $_.SubmitDate }).Count )
{
    # No. Has the CloudFlare handler already been run for it (TXT record created)?
    if ( ! ($result.Challenges | Where-Object { $_.Type -eq 'dns-01' -and $_.HandlerName -eq 'CloudFlare' }).Count )
    {
        Log "Issue challenge for $alias" -seq $seq
        # Creates the _acme-challenge TXT record in the CloudFlare zone named by $cloudflareDomain.
        $result = Complete-ACMEChallenge $alias -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName=$cloudflareDomain;EmailAddress=$cloudflareEmail;AuthKey=$cloudflareKey}
    }
}
else
{
    Log "The identifier '$alias' has already been submitted" -seq $seq
}
```

Do note that $cloudflareDomain is the cloudflare main domain, not the alternative domains. So for retrieving, for example, test.github.com you'd still enter github.com for that variable, as it's based on your CloudFlare structure.

I've then built in a delay after doing the Complete-ACMEChallenge for all domains, as DNS propagation and CloudFlare sometimes made it fail and I just wanted it to always work. I've set it to 5 minutes:

```powershell
# One delay after all TXT records have been created, before any challenge is submitted.
Log "Sleeping for 5 minutes to let DNS propagate" -seq $seq
Start-Sleep -s 300
Log "Resuming operation after 5 minute sleep" -seq $seq
```

After which you iterate over all domains, Submit-ACMEChallenge, and follow the rest of the usual flow.

At the end make sure to call the Complete-ACMEChallenge with -Cleanup correctly, as it cleans up these keys in CloudFlare (important if you have multiple scripts hitting the same CloudFlare domain):

```powershell
# $domains maps alias -> domain name; remove the TXT record each challenge created.
$domains.GetEnumerator() | ForEach-Object {
    $alias = $_.Key
    $result = Complete-ACMEChallenge $alias -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters @{DomainName=$cloudflareDomain;EmailAddress=$cloudflareEmail;AuthKey=$cloudflareKey}
    Log "Cleanup of $alias with result $result" -seq $seq
}
```

Let me know if this helps any or you'd like to know some more; a sample of where it goes wrong vs what worked with no alternate names might help.

janpieterz avatar Oct 27 '17 05:10 janpieterz
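The steps janpieterz describes (stage the dns-01 challenge for every name, wait once for propagation, submit, then clean up) put together into one end-to-end script, as an added example that is not part of this thread and not code from the ACMESharp project. It assumes the ACMESharp 0.9.x PowerShell module with an already initialized and registered vault; cmdlets other than the ones quoted above (Update-ACMEIdentifier, New-ACMECertificate, Submit-ACMECertificate, Update-ACMECertificate, Get-ACMECertificate) and their parameter names are taken from that module as I remember it, so check Get-Help before relying on them. The Log function, the polling loop, the environment-variable names and the example.com names are my own.

```powershell
# Added example: dns-01 issuance for a primary name plus alternates via the CloudFlare handler.
# Assumes ACMESharp 0.9.x (Import-Module ACMESharp) and an initialized, registered vault.
Import-Module ACMESharp

# Names to cover; the first is the primary, the rest become SANs (constructed values).
$names = @('example.com', 'www.example.com', 'api.example.com')
$cloudflareDomain = 'example.com'          # the Cloudflare zone, not the subdomain (as noted above)
$cloudflareEmail  = 'admin@example.com'
# Keep the API key out of the script body; read it from the environment (assumed variable name).
$cloudflareKey = $env:CLOUDFLARE_API_KEY
if (-not $cloudflareKey) { throw 'CLOUDFLARE_API_KEY is not set' }

$handlerParams = @{ DomainName = $cloudflareDomain; EmailAddress = $cloudflareEmail; AuthKey = $cloudflareKey }

function Log($msg) { Write-Host ("{0:u} {1}" -f (Get-Date), $msg) }

# One vault alias per name; aliases must be unique within the vault.
$aliases = @{}
foreach ($n in $names) { $aliases[$n] = 'dns-' + ($n -replace '[^a-z0-9]', '-') }

try {
    # 1. Register each identifier and stage its dns-01 challenge (creates the TXT record).
    foreach ($n in $names) {
        $alias = $aliases[$n]
        $id = New-ACMEIdentifier -Dns $n -Alias $alias
        if (-not ($id.Challenges | Where-Object { $_.Type -eq 'dns-01' -and $_.SubmitDate }).Count) {
            Log "Staging dns-01 challenge for $n"
            Complete-ACMEChallenge $alias -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $handlerParams | Out-Null
        } else {
            Log "Challenge for $n was already submitted"
        }
    }

    # 2. Wait once, after all records exist, rather than once per name.
    Log 'Sleeping 5 minutes for DNS propagation'
    Start-Sleep -Seconds 300

    # 3. Ask the CA to validate, then poll until each identifier leaves 'pending'.
    foreach ($n in $names) {
        $alias = $aliases[$n]
        Submit-ACMEChallenge $alias -ChallengeType dns-01 | Out-Null
        $deadline = (Get-Date).AddMinutes(5)
        do {
            Start-Sleep -Seconds 10
            $status = (Update-ACMEIdentifier $alias).Status
            Log "$n status: $status"
        } while ($status -eq 'pending' -and (Get-Date) -lt $deadline)
        # Stop before requesting a certificate if any name did not validate.
        if ($status -ne 'valid') { throw "Validation failed for $n (status: $status)" }
    }

    # 4. Request one certificate with the alternates as SANs and export it.
    $primaryAlias = $aliases[$names[0]]
    $altAliases   = @($names | Select-Object -Skip 1 | ForEach-Object { $aliases[$_] })
    $certAlias    = 'cert-' + (Get-Date -Format 'yyyyMMddHHmm')
    New-ACMECertificate $primaryAlias -Generate -AlternativeIdentifierRefs $altAliases -Alias $certAlias | Out-Null
    Submit-ACMECertificate $certAlias | Out-Null
    Update-ACMECertificate $certAlias | Out-Null
    # PFX password also comes from the environment (assumed variable name).
    Get-ACMECertificate $certAlias -ExportPkcs12 "$PSScriptRoot\$certAlias.pfx" -CertificatePassword $env:PFX_PASSWORD | Out-Null
    Log "Exported $certAlias.pfx"
}
finally {
    # 5. Always remove the _acme-challenge TXT records, even when an earlier step failed,
    #    so stale records do not pile up in the zone or collide with other scripts.
    foreach ($n in $names) {
        try {
            $r = Complete-ACMEChallenge $aliases[$n] -CleanUp -ChallengeType dns-01 -Handler CloudFlare -HandlerParameters $handlerParams
            Log "Cleanup of $n returned $r"
        } catch {
            Log "Cleanup of $n failed: $_"
        }
    }
}
```

The cleanup runs in a finally block so that a failed validation or a thrown error still removes the TXT records, which is the part most easily forgotten when the script is extended to more names; the single sleep after all challenges are staged, rather than one per name, is what keeps the run time flat as the list of alternates grows.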

Thank you, @janpieterz !

ebekker avatar Oct 27 '17 09:10 ebekker