Cloudflare DNS provider

This project supports using Cloudflare for the DNS-01 challenge via the lego DNS provider.

Supported config fields (in config.json under ApplyCert.DNSProviderConfig):

DNSProvider: set to Cloudflare
Cloudflare.APIToken: Recommended — create a scoped API Token in Cloudflare (Zone.DNS edit).
Cloudflare.APIKey: Optional — Global API Key (not recommended when token available).
Cloudflare.Email: Optional — account email (used with Global API Key if needed).

Example config.json snippet:

{ "ApplyCert": { "DNSProviderConfig": { "DNSProvider": "Cloudflare", "Cloudflare": { "APIToken": "your-cloudflare-api-token", "APIKey": "optional-global-api-key", "Email": "you@example.com" } } } }

How to create a Cloudflare API token

Log into the Cloudflare dashboard.
Visit "My Profile" → "API Tokens" → "Create Token".
Use the "Edit zone DNS" template or create a custom token with the following permissions scoped to your zone(s):
- Zone:Zone:Read
- Zone:DNS:Edit
Save the token and put it into Cloudflare.APIToken.

Notes and links

The integration uses the lego v4 Cloudflare provider.
Cloudflare API docs: https://developers.cloudflare.com/api/
Certbot cloudflare plugin docs (useful for end users): https://certbot-dns-cloudflare.readthedocs.io/en/stable/

If you want, I can run go build and fix any compile errors from these changes, or adjust field names to match the exact lego provider struct names on your machine. Would you like me to build and test now?

1.6 KiB Raw Permalink Blame History

Cloudflare DNS provider

1.6 KiB

Raw Permalink Blame History