Go to Cloudflare and log in
click profile icon
select my profile
go to api tokens tab
create new custom token
Give token a name
give the following permissions
- Zone Zone Edit
- Zone DNS Edit
Zone Resources
Include all zones
IP Address filtering
none (unless you wanted to restrict access, I have not as my IP is dynamic)
TTL
Blank
Continue to summary
Create token
Copy API Token
Install the Certify The Web application
https://certifytheweb.com/home/
For authentication we will use DNS verification via Cloudflare API
On Certify the web go to Settings
stored credentials
add new stored credentials
Select Cloudflare DNS API
Set credentials name to easily identify
fill in the api token in the api token field
click save
on manage certificates page
new certificate
click okay on prompt about registering a new contact
select certificate authority of Let's Encrypt
enter email address (used to notify you of upcoming renewals if required; invalid email addresses will be rejected by the certificate authority)
Agree to the terms
click register contact
On new certificate window
leave selected site as no IIS site selected
add the required domain name and click +
Go to authorization tab
change challenge type to dns-01
DNS update method – Cloudflare DNS API
Credentials – name of the credentials you created
On DNS Zone ID click on the 3 dots; a new item will appear showing select zone
click on select zone and select your required domain
If it does not show your required domain, check the permissions on the API token
Save
then test
a notification will appear at the top right
if successful it reads “All test completed OK”
Request Certificate
wait for it to complete
once it shows as success, request complete
Go to tasks tab
add deployment task
Deploy to generic server (Multi-purpose) provides PEM CRT and key files
on task parameters tab
authentication local
output file path .crt c:\certificates\cert.crt
output file path .key c:\certificates\cert.key
output file path chain c:\certificates\certchain.crt
Go to the location you specified and confirm the files are there
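
A scripted version of that last check, as an added example (not part of the original steps or of Certify The Web): it confirms the key matches the certificate, the certificate covers the domain and is not near expiry, and the key file is not readable by broad local groups. Assumptions: PowerShell 7.1 or later on English-language Windows, the file paths from the task parameters above, and a placeholder domain of example.com.

```powershell
# Added example: verify the PEM files written by the deployment task.
# Assumes PowerShell 7.1+ on Windows (CreateFromPemFile needs .NET 5 or later).
param(
    [string]$Domain  = 'example.com',               # placeholder: the domain you requested
    [string]$CrtPath = 'c:\certificates\cert.crt',  # paths from the task parameters
    [string]$KeyPath = 'c:\certificates\cert.key',
    [int]$MinDaysLeft = 30                          # assumed warning threshold
)
$ErrorActionPreference = 'Stop'
$problems = [System.Collections.Generic.List[string]]::new()

# 1. Both files must parse, and the private key must belong to the certificate.
#    CreateFromPemFile throws if a file is malformed or the key does not match.
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromPemFile($CrtPath, $KeyPath)
} catch {
    throw "Certificate/key pair did not load or does not match: $($_.Exception.Message)"
}

# 2. The certificate must cover the requested name (exact or wildcard SAN entry).
#    The 'DNS Name=' label is what English-language Windows prints for SAN entries.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = @(if ($san) {
    [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
})
$wildcard = '*.' + ($Domain -split '\.', 2)[1]
if ($names -notcontains $Domain -and $names -notcontains $wildcard) {
    $problems.Add("SAN list ($($names -join ', ')) does not cover $Domain")
}

# 3. The certificate must be inside its validity window with renewal headroom.
$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
if ((Get-Date) -lt $cert.NotBefore) { $problems.Add("Not valid until $($cert.NotBefore)") }
if ($daysLeft -lt $MinDaysLeft)     { $problems.Add("Only $daysLeft days until expiry") }

# 4. cert.key holds the private key: broad local groups should not be able to read it.
#    Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$broad    = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in (Get-Acl -Path $KeyPath).GetAccessRules($true, $true, $sidType)) {
    $canRead = [int]($rule.FileSystemRights -band $readData) -ne 0
    if ($rule.AccessControlType -eq 'Allow' -and $canRead -and $broad -contains $rule.IdentityReference.Value) {
        $problems.Add("$KeyPath is readable by $($rule.IdentityReference.Value)")
    }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
"OK: $($cert.Subject) valid until $($cert.NotAfter), key matches, key ACL is restricted"
```

A folder created directly under C:\ normally inherits read access for the local Users group, so check 4 is expected to warn until inheritance on c:\certificates is tightened.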