Go to Cloudflare and log in

Click the profile icon

Select My Profile

Go to the API Tokens tab

Create a new custom token

Give the token a name

Give it the following permissions

  • Zone – Zone – Edit
  • Zone – DNS – Edit

Zone Resources

Include all zones

IP Address filtering

None (unless you wanted to restrict access; I have not, as my IP is dynamic)



Continue to summary

Create token

Copy API Token

Install the Certify The Web application


For authentication we will use DNS verification via Cloudflare API

In Certify The Web, go to Settings

Stored credentials

Add new stored credentials

Select Cloudflare DNS API

Set a credentials name that is easy to identify

Paste the API token into the API token field

Click save


On the manage certificates page

New certificate

Click okay on the prompt about registering a new contact

Select Let's Encrypt as the certificate authority

Enter an email address (used to notify you of upcoming renewals if required; invalid email addresses will be rejected by the certificate authority)

Agree to the terms

Click register contact


On the new certificate window

Leave select site as "No IIS site selected"

Add the required domain name and click +

Go to the authorization tab

Change challenge type to dns-01

DNS update method – Cloudflare DNS API

Credentials – the name of the credentials you created

On DNS Zone ID, click the 3 dots; a new item will appear showing select zone

Click select zone and select your required domain

If it does not show your required domain, check the permissions on the API token


Then test

A notification will appear at the top right

If successful: “All test completed OK”

Request Certificate

Wait for it to complete

Once it shows as success, the request is complete

Go to the tasks tab

Add deployment task

Select Deploy to generic server (Multi-purpose), which provides PEM CRT and key files

On the task parameters tab

Authentication: local

Output file path (.crt): c:\certificates\cert.crt

Output file path (.key): c:\certificates\cert.key

Output file path (chain): c:\certificates\certchain.crt

Go to the location you specified and confirm the files are there
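
A PowerShell check of the deployed files, added here as an example and not part of the original walkthrough: it confirms the certificate is currently valid and covers the requested name, and flags broad access to the private key file. The function name Test-DeployedCertificate and the domain example.com are placeholders; the default paths are the ones from the deployment task above.

```powershell
# Added example. Default paths come from the deployment task; the domain is a placeholder.
function Test-DeployedCertificate {
    param(
        [string]$CertPath = 'c:\certificates\cert.crt',
        [string]$KeyPath  = 'c:\certificates\cert.key',
        [Parameter(Mandatory)][string]$ExpectedName
    )
    $problems = @()
    foreach ($p in $CertPath, $KeyPath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { $problems += "Missing file: $p" }
    }
    if ($problems) { return $problems }

    # X509Certificate2 reads a PEM-encoded certificate file directly.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Certificate not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
    }

    # Subject Alternative Name extension (OID 2.5.29.17); keep the text after each '='.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) { $names = $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] } }
    if ($names -notcontains $ExpectedName) {
        $problems += "'$ExpectedName' not in certificate names: $($names -join ', ')"
    }

    # Confirm the key file looks like a PEM private key.
    $firstLine = Get-Content -LiteralPath $KeyPath -TotalCount 1
    if ($firstLine -notmatch '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----') {
        $problems += "$KeyPath does not start with a PEM private key header"
    }

    # Flag Allow rules on the key for broad groups, matched by well-known SID so
    # the check works regardless of the Windows display language.
    $broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }
    $rules = (Get-Acl -LiteralPath $KeyPath).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and $broad.ContainsKey($r.IdentityReference.Value)) {
            $problems += "$($broad[$r.IdentityReference.Value]) can access ${KeyPath}: $($r.FileSystemRights)"
        }
    }
    return $problems
}

$result = Test-DeployedCertificate -ExpectedName 'example.com'   # placeholder domain
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Certificate files look OK' }
```

An empty result means every check passed. A folder created directly under C:\ typically inherits access for the local Users group, so a warning on the key file is a prompt to tighten the permissions on c:\certificates.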