DNS-01チャレンジ
Welcome to certbot-dns-cloudflare’s documentation!
CertbotをDockerコンテナとして起動し、DNS-01チャレンジによるドメインのTLS認証と証明書の取得を行います。CertbotのデフォルトDockerイメージには、CloudflareのDNS-01チャレンジのプラグインが含めれていないため、以下のイメージを利用します。
Dockerイメージ
https://hub.docker.com/r/certbot/dns-cloudflare
チャレンジに必要なファイルは、以下のAPIトークンを含むINIファイルのみです。
Cloudflareのユーザ管理画面からDNSゾーン限定のトAPIークンを作成しcloudflare.iniファイルとして保存します。アクセス権は600に設定して下さい。
cloudflare.ini
# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
DockerコンテナとしてCertbotを起動します。起動時にコンテナ内にcloudflare.iniファイルが存在する状態にしないと、ファイルが見つからないエラーが発生します。
これを回避するため、-vオプションで明示的にcloudflare.iniファイルをコンテナ内にコピーするようにして下さい(コンテナのワーキングディレクトリは/opt/certbot)。
$ docker run -it --rm --name certbot_cloudflare -v "/etc/letsencrypt:/etc/letsencrypt" -v "./cloudflare.ini:/opt/certbot/cloudflare.ini" certbot/dns-cloudflare:latest certonly --dns-cloudflare --dns-cloudflare-propagation-seconds 60 --dns-cloudflare-credentials ./cloudflare.ini -d example.com -d *.example.com
更新手続き
$ docker run -it --rm --name certbot_cloudflare -v "$PWD/cloudflare_letsencrypt:/etc/letsencrypt" -v "$PWD/cloudflare.ini:/opt/certbot/cloudflare.ini" certbot/dns-cloudflare:latest renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem expires on 2024-06-09 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DNS-01 Challengeプロバイダーリスト
| DNS Hosting Provider | ACME Client Support | Cost |
|---|---|---|
| Akamai Edge DNS | Certbot , lego , Posh-ACME , acme.sh | Contract Specific |
| Aliyun (CN) & Alibaba Cloud DNS (EN) | acme.sh , lego , Posh-ACME | Bundled with domain registration or Cloud DNS pricing |
| Amazon Route53 | Certbot , acme.sh , others | ~$0.50/mo per domain |
| Azure DNS | acme.sh , lego , Posh-ACME | ~$0.50/mo per domain |
| Cloudflare | Certbot , acme.sh , others | Free (except for Freenom domains) |
| ClouDNS | acme.sh , lego , Posh-ACME , others | >= $2.95/mo (with API-support) |
| CloudXNS | Certbot , acme.sh , lego | Free, Chinese only |
| deSEC | Certbot , acme.sh , others | Free |
| DigitalOcean | Certbot , acme.sh , others | Free |
| DNS Made Easy | Certbot , acme.sh , others | $59.95/yr (Business Membership gives API access) |
| DNSimple | Certbot , acme.sh , others | $5/mo |
| DNSPod.com | acme.sh , lego , Posh-ACME | Free |
| DuckDNS | acme.sh , lego , others | Free |
| Dyn | acme.sh , lego , others | $7/mo |
| Dynu | acme.sh , lego , Posh-ACME | Free |
| EasyDNS | acme.sh , lego , Posh-ACME | Bundled with domain registration (250k queries/month) or $20/yr for 1 MM queries/month |
| FreeDNS/afraid.org | acme.sh , Posh-ACME (no API, HTTP emulation) | Free (if you share your domain with others ) |
| Google Cloud DNS | Certbot , acme.sh , others | ~$0.20/mo |
| Hetzner | lego , Posh-ACME | Free |
| Hurricane Electric | acme.sh , Posh-ACME (no API, HTTP emulation) | Free |
| IBM Cloud DNS | Posh-ACME | $275/mo per domain for Standard plan |
| Luadns | Certbot , acme.sh , others | Free |
| MyDNS.jp | acme.sh , lego | Free |
| NS1 | Certbot , acme.sh , others | ? (Free “developer” plan) |
| Open Telekom Cloud | lego | 0,36 €/mo per zone |
| OVH | Certbot , acme.sh , others | Free |
| PointHQ | acme.sh , Posh-ACME | $25/mo per 10 domains |
| Rackspace Cloud DNS | acme.sh , lego , Posh-ACME , others | Free |
| Selectel | acme.sh , lego , Posh-ACME | Free |
| Shellrent | Certbot | 1, €/y per zone |
| StackPath | lego | $10/mo |
| Vultr | acme.sh (via Lexicon), lego , others | Free |
| Yandex.Mail | acme.sh , lego , Posh-ACME | Free |
| Zilore | acme.sh , Posh-ACME | $5/mo or higher for API access |
| Zonomi | acme.sh , lego , Posh-ACME | Free |
| Domain Registrar: Active24 | acme.sh | Bundled with domain registration |
| Domain Registrar: alwaysdata | acme.sh | Bundled with domain registration |
| Domain Registrar: ConoHa | acme.sh , lego | Bundled with domain registration (Japanese) |
| Domain Registrar: cyon.ch | acme.sh | Bundled with domain registration |
| Domain Registrar: do.de | acme.sh , lego , Posh-ACME | Bundled with domain registration |
| Domain Registrar: domeneshop | acme.sh , Posh-ACME | Bundled with domain registration.Note that domainname.shop (in English) is an alias of domene.shop (in Norwegian) |
| Domain Registrar: DreamHost | acme.sh , lego , Posh-ACME | ? (bundled with domain registration or hosting?) |
| Domain Registrar: Euserv | acme.sh | Bundled with domain registration |
| Domain Registrar: Exoscale | acme.sh , lego | Bundled with domain registration |
| Domain Registrar: Futurehosting | acme.sh | Bundled with domain registration |
| Domain Registrar: Gandi | acme.sh , lego , Posh-ACME | Bundled with domain registration |
| Domain Registrar: GoDaddy | acme.sh , lego , Posh-ACME | Bundled with domain registration, 10+ domains in account required to use |
| Domain Registrar: GratisDNS.dk | acme.sh | Bundled with domain registration (Danish) |
| Domain Registrar: hosting.de | acme.sh , lego | Bundled with domain registration (German) |
| Domain Registrar: infomaniak.com | acme.sh , lego , Posh-ACME | Bundled with domain registration (Swiss) |
| Domain Registrar: internetx.com | acme.sh , lego , Posh-ACME | Bundled with domain registration |
| Domain Registrar: inwx.de | acme.sh , lego | Bundled with domain registration |
| Domain Registrar: Loopia.se | acme.sh , Posh-ACME | Bundled with domain registration (Swedish) |
| Domain Registrar: name.com | acme.sh , lego , Posh-ACME | Bundled with domain registration |
| Domain Registrar: Namesilo | Certbot , acme.sh , lego | Bundled with domain registration |
| Domain Registrar: Neodigit.net | acme.sh | Bundled with domain registration (Spanish) |
| Domain Registrar: netcup | acme.sh , lego | Bundled with domain registration |
| Domain Registrar: Nexcess | acme.sh | Bundled with domain registration |
| Domain Registrar: Online.net | acme.sh | Bundled with domain registration |
| Domain Registrar: reg.ru (reg.com ) | acme.sh , lego , Posh-ACME | Bundled with domain registration (Russian) |
| Domain Registrar: Servercow | acme.sh , lego | Bundled with domain registration (German) |
| Domain Registrar: TELE3 | acme.sh | Bundled with domain registration (Czech) |
| Domain Registrar: UnoEuro | acme.sh , Posh-ACME | Bundled with domain registration |
| Domain Registrar: Zone.eu | acme.sh , lego | Bundled with domain registration |
| Web Host: KingHost | acme.sh | Free (adult-only web host) |
| Web Host: Linode | Certbot , acme.sh , others | Bundled with hosting |
| Web Host: Thermo.io | acme.sh | Variable hosting fee |
| Self-Hosted: acme-dns | Certbot , acme.sh , others | Free, Open Source |
| Self-Hosted: BlueCat | Posh-ACME | Enterprise DDI (Contract Specific) |
| Self-Hosted: cPanel | Certbot , lego | $20/mo licence or variable cost for shared cPanel hosting |
| Self-Hosted: DirectAdmin | acme.sh | Free |
| Self-Hosted: Infoblox | acme.sh , Posh-ACME | Enterprise DDI (Contract Specific) |
| Self-Hosted: ISPConfig | acme.sh | Free |
| Self-Hosted: Knot (knsupdate) | acme.sh | Free, Open Source |
| Self-Hosted: PowerDNS | acme.sh , lego | Free, Open Source |
| Self-Hosted: Simple DNS Plus | Posh-ACME | $79 for 5 zone license |
| Self-Hosted: Windows DNS | Posh-ACME | Free with Windows Server OS license |
Wiki instructions: