Cloudflare

If you use Cloudflare, there’s the Cloudflare DNS plugin from certbot.

Create an API token first, as described in https://roelofjanelsinga.com/articles/using-caddy-ssl-with-cloudflare/

# Install the module. It will pull in the parts of certbot that are needed
sudo apt install python3-certbot-dns-cloudflare

# Create a credential file. Certbot will save the path for use during renewals.
# Create it empty with mode 600 first so the token is never readable by other users.
sudo install -m 600 /dev/null /etc/letsencrypt/cloudflare.ini
sudo bash -c 'echo "dns_cloudflare_api_token = aLongStringOfChars" > /etc/letsencrypt/cloudflare.ini'

DOMAIN=your.org

# We added a hook for mail, but substitute your own as desired
sudo certbot certonly \
    --agree-tos \
    --dns-cloudflare \
    --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
    --domains "mail.$DOMAIN" \
    --email "postmaster@$DOMAIN" \
    --deploy-hook "service postfix reload; service dovecot reload"

You may see a warning about the plugin version not being pinned. That’s safe to ignore. You’re looking for the message that it successfully received a certificate.
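Because renewals keep reading the token from `/etc/letsencrypt/cloudflare.ini`, it is worth auditing that file now and then. The following is an added example, not part of the original page or of certbot: the function name `check_cloudflare_ini` is hypothetical, it assumes GNU `stat` (as on the apt-based systems above), and it also flags the plugin's older global-key settings `dns_cloudflare_api_key` / `dns_cloudflare_email`.

```shell
#!/usr/bin/env bash
# Added example: audit a certbot dns-cloudflare credentials file.
# Usage: check_cloudflare_ini [path] [expected_owner_uid]
check_cloudflare_ini() {
    local file="${1:-/etc/letsencrypt/cloudflare.ini}"
    local want_uid="${2:-0}"   # root by default
    local rc=0 mode uid count

    # Refuse symlinks: the permissions checked must be those of the real file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi

    mode=$(stat -c '%a' "$file")   # GNU stat: octal permission bits
    uid=$(stat -c '%u' "$file")    # GNU stat: numeric owner

    case "$mode" in
        600|400) ;;
        *) echo "FAIL: mode is $mode, expected 600 or 400" >&2; rc=1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid" >&2; rc=1
    fi

    # Exactly one non-empty token entry should be present.
    count=$(grep -Ec '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$file")
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected exactly one dns_cloudflare_api_token entry" >&2; rc=1
    fi

    # The older global API key is not limited to DNS edits; prefer a token.
    if grep -Eq '^[[:space:]]*dns_cloudflare_(api_key|email)[[:space:]]*=' "$file"; then
        echo "FAIL: global API key settings present; use an API token" >&2; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $file"; fi
    return "$rc"
}

# When run directly with arguments, audit the given file.
if [ "$#" -gt 0 ]; then check_cloudflare_ini "$@"; fi
```

Run it as root against the real file, since mode 600 makes the file unreadable to other users.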


Last modified April 6, 2026: Cert Doc additions (8d37dbc)