Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Cloudflare - Create API Key for Let's Encrypt DNS Challenges

Tools like Certbot and Nginx Proxy Manager can perform DNS-based challenges in order to generate TLS certificates. This allows you to generate TLS certificates in places that can't be reached from the public internet, which can be extremely useful when you want to put certificates in place before pointing DNS to a webserver.

Steps

Log in to Cloudflare, click on the icon in the top-right, and then click on Profile.


Click on API Tokens.


Click on Create Token.


Select the Edit DNS Zone template.


Click the pencil to allow you to change the name of the token.


Fill in the details:

  1. Give a name to remember this by.
  2. Ensure the permission is set to DNS and Edit.
  3. Select the domain you wish to edit DNS records for.
  4. Optionally specify the IP addresses that requests using this token must come from.
  5. Optionally set an expiry time.


At the summary page, click the button to create the token.

Finally, you will be presented with your token, which you can feed into Certbot or Nginx Proxy Manager for renewing TLS certificates.
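One way to hand the token to Certbot without leaving it readable by other users, as an added example that is not part of the original post. It assumes the certbot-dns-cloudflare plugin is installed; the function names, the `~/.secrets/certbot/cloudflare.ini` path and `example.com` are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# write_cf_credentials FILE
# Reads the token from the CF_API_TOKEN environment variable (so it is not
# passed as a command-line argument) and writes the credentials file that
# Certbot's dns-cloudflare plugin reads, accessible by the owner only.
write_cf_credentials() (
    file="$1"
    [ -n "${CF_API_TOKEN:-}" ] || { echo "CF_API_TOKEN is not set" >&2; exit 1; }
    # Reject whitespace so a pasted value cannot add extra lines to the file.
    case "$CF_API_TOKEN" in
        *[[:space:]]*) echo "token contains whitespace" >&2; exit 1 ;;
    esac
    umask 077                          # new directory 0700, new file 0600
    mkdir -p "$(dirname "$file")" || exit 1
    rm -f "$file"                      # drop any older copy with looser permissions
    printf 'dns_cloudflare_api_token = %s\n' "$CF_API_TOKEN" > "$file"
)

# credentials_are_private FILE
# Succeeds only if the file exists and has no group/other permission bits set.
credentials_are_private() (
    [ -f "$1" ] || exit 1
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || exit 1
    case "$mode" in
        *00) exit 0 ;;
        *)   exit 1 ;;
    esac
)

# Usage (not run here; path and domain are placeholders):
#   CF_API_TOKEN='<token shown by Cloudflare>' \
#       write_cf_credentials "$HOME/.secrets/certbot/cloudflare.ini"
#   credentials_are_private "$HOME/.secrets/certbot/cloudflare.ini" || echo "fix permissions"
#   certbot certonly --dns-cloudflare \
#       --dns-cloudflare-credentials "$HOME/.secrets/certbot/cloudflare.ini" \
#       -d example.com
```

Because the token was scoped to DNS edit on a single zone in the steps above, a leaked credentials file exposes only that zone's DNS records rather than the whole Cloudflare account.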

Last updated: 13th February 2025
First published: 13th February 2025

This blog is created by Stuart Page

I'm a freelance web developer and technology consultant based in Surrey, UK, with over 10 years' experience in web development, DevOps, Linux administration, and IT solutions.
