is a lightweight LetsEncrypt client written as a Bash script.

There is a list with the most useful commands.

Start root shell

sudo su -


curl | sh

Restart a root shell when installation will finish.

sudo su -

Auth now supports Cloudflare's API Tokens. You can check out the documentation here.

Below is an outdated version with Global API Key.

export CF_Key="xxx"
export CF_Email=""

You can obtain a CF_Key using Cloudflare Dashboard.

Create a directory for certificates

mkdir -p /etc/nginx/ssl/

Issue a wildcard certificate --issue --dns dns_cf --keylength ec-256 \
-d -d '*' --dnssleep 60 --install-cert -d --ecc \
--cert-file /etc/nginx/ssl/ \
--key-file /etc/nginx/ssl/ \
--fullchain-file /etc/nginx/ssl/ \
--reloadcmd "systemctl reload nginx.service"

If dnssleep parameter is not defined, will use DoH protocol to check availability of entries. I haven't tested that mode yet.

Revoke a certificate --revoke -d --ecc


Image by FLY:D from Unsplash.