# Cloudflare DNS provider

This project supports using Cloudflare for the DNS-01 challenge via the lego DNS provider.

Supported config fields (in `config.json` under `ApplyCert.DNSProviderConfig`):

- `DNSProvider`: set to `Cloudflare`
- `Cloudflare.APIToken`: Recommended — create a scoped API Token in Cloudflare (Zone.DNS edit).
- `Cloudflare.APIKey`: Optional — Global API Key (not recommended when token available).
- `Cloudflare.Email`: Optional — account email (used with Global API Key if needed).

Example `config.json` snippet:

{
  "ApplyCert": {
    "DNSProviderConfig": {
      "DNSProvider": "Cloudflare",
      "Cloudflare": {
        "APIToken": "your-cloudflare-api-token",
        "APIKey": "optional-global-api-key",
        "Email": "you@example.com"
      }
    }
  }
}

How to create a Cloudflare API token

1. Log into the Cloudflare dashboard.
2. Visit "My Profile" → "API Tokens" → "Create Token".
3. Use the "Edit zone DNS" template or create a custom token with the following permissions scoped to your zone(s):
   - Zone:Zone:Read
   - Zone:DNS:Edit
4. Save the token and put it into `Cloudflare.APIToken`.

Notes and links

- The integration uses the lego v4 Cloudflare provider.
- Cloudflare API docs: https://developers.cloudflare.com/api/
- Certbot cloudflare plugin docs (useful for end users): https://certbot-dns-cloudflare.readthedocs.io/en/stable/

If you want, I can run `go build` and fix any compile errors from these changes, or adjust field names to match the exact lego provider struct names on your machine. Would you like me to build and test now?