I want to buy the TLD and everything around it

The current status is as follows:
Currently, he uses the Freenom DNS service, where I have a registered TLD for free (Freenom offered some TLDs for free: ga, ml, tk, etc.).
I host the website on my own server with a public dynamic IPv4 address. Until recently, everything worked perfectly and automatically (renewing the domain, updating the dynamic IPv4 address…).
Not long ago, Freenom started using CAPTCHA and my Linux bash scripts stopped working.
I want to end cooperation with Freenom and it seems that Cloudflare will be a good option.
I want to buy a TLD for 10 years. I am from the European Union, but I know that Cloudflare does not offer the EU TLD. I am willing to take any TLD for 10 years, because it is the cheapest option for me. I found that a very cheap TLD is “win” (10 years 31.6$).
I also use (local) subdomains on my servers, so I need to get Let’s Encrypt certificates using the DNS-01 challenge.
As you already noticed, my IPv4 address is dynamic, so I need an automatic update when it changes. My servers run on Debian 11 (soon I will upgrade to Debian 12) with an nginx reverse proxy and an apache2 backend.
I want to ask experienced technicians if my solution is OK, or could I change it for the better?
Another question: are there ready-made bash scripts for updating the IPv4 address and for Let’s Encrypt (certbot) with the DNS-01 challenge?
I apologize, but English is not my native language. I used Google Translator.

For Let’s Encrypt, certbot has a Cloudflare DNS plugin. On Debian:

apt install python3-certbot-dns-cloudflare

With that installed, create a file, for example /etc/letsencrypt/cloudflare.ini, with contents like:

dns_cloudflare_api_token = blablabla

And obviously put your Cloudflare API token where it says blablabla, making sure you generate the token with permission to edit the zone’s DNS. Now you can call certbot like so:

certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -m you@example.com --agree-tos -d host.example.com

I use this myself, and the only problem I’ve ever had with it is that, when a certificate has several names, it sometimes doesn’t wait long enough for the DNS entries to become visible, and I have to run it again. When it later runs automatically it will retry itself anyway, so no big deal.

For updating your dynamic IP in DNS, you’ll have to find a script. There is this one and this one, neither of which I’ve ever used myself. Someone else might have better experience with this.

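A small dynamic-IP updater of the kind asked about above, added here as an example (it is not from the thread, from Cloudflare, or one of the linked scripts); it reuses the certbot credentials file from the answer and refuses to run if that file is not private. ZONE_ID, RECORD_ID, RECORD_NAME, the cache path and the use of api.ipify.org for the address lookup are assumptions.

```shell
#!/bin/sh
# Added example: dynamic-DNS updater for one Cloudflare A record.
# ZONE_ID, RECORD_ID, RECORD_NAME and the CACHE path are placeholders to set.
CREDS=${CREDS:-/etc/letsencrypt/cloudflare.ini}   # same file certbot reads
CACHE=${CACHE:-/var/lib/cf-ddns/last_ip}          # assumed path; create the dir first
API=https://api.cloudflare.com/client/v4

# Accept only a dotted quad with octets 0-255, so an HTML error page or an
# empty reply from the lookup service can never be written into DNS.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# The token can edit the zone: refuse a file that is a symlink or that group
# or others can access (certbot itself warns about such permissions).
creds_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  mode=$(stat -c %a "$1") || return 1
  case $mode in *00) return 0 ;; *) return 1 ;; esac
}

read_token() {
  sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# True when no address is cached yet or the cached one differs from $1.
needs_update() { [ ! -f "$CACHE" ] || [ "$(cat "$CACHE")" != "$1" ]; }

push_record() {
  : "${ZONE_ID:?}" "${RECORD_ID:?}" "${RECORD_NAME:?}"
  # The header is fed to curl on stdin so the token never appears in `ps`.
  printf 'Authorization: Bearer %s\n' "$(read_token "$CREDS")" |
    curl -fsS -o /dev/null -X PATCH -H @- -H 'Content-Type: application/json' \
      --data "{\"type\":\"A\",\"name\":\"$RECORD_NAME\",\"content\":\"$1\"}" \
      "$API/zones/$ZONE_ID/dns_records/$RECORD_ID"
}

main() {
  creds_private "$CREDS" || { echo "refusing: $CREDS missing or not private" >&2; return 1; }
  ip=$(curl -4 -fsS --max-time 10 https://api.ipify.org) || return 1
  valid_ipv4 "$ip" || { echo "lookup did not return an IPv4 address" >&2; return 1; }
  needs_update "$ip" || return 0
  push_record "$ip" && printf '%s\n' "$ip" >"$CACHE"
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it from cron or a systemd timer with `--run` and the three record variables set; without `--run` it only defines the functions.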
