Membuat API Token Cloudflare

Panduan kali ini akan menjelaskan cara untuk membuat create API token di cloudlfare. Lalu untuk pengetesan API dengan cara melakukan issue SSL menggunakan acme.sh metode dns_cf

Create API Token

#

1. Login ke Dashboard Cloudflare
2. Buka My Profile > API Tokens. 
3. Pilih Create Token
4. Pilih Edit zone DNS templates

   

5. Masukan nama domain pada bagian Zone Resource

   

6. Klik Continue to summary dan Create Token

Copy Token untuk digunakan pada saat issue dengan acme.sh

Test API

#

1. Test untuk memastikan token valid dan status aktif

curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer <API_TOKEN>" \
     -H "Content-Type:application/json"

2. Install acme.sh. Untuk caranya klik disini
3. Untuk issue SSL gunakan perintah berikut

export CF_Token=<API_TOKEN>
acme.sh --issue -d sff.bisacloud.my.id --dns dns_cf

Hasil:

[Sun Feb 12 10:36:13 UTC 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Feb 12 10:36:13 UTC 2023] Single domain='sff.bisacloud.my.id'
[Sun Feb 12 10:36:13 UTC 2023] Getting domain auth token for each domain
[Sun Feb 12 10:36:16 UTC 2023] Getting webroot for domain='sff.bisacloud.my.id'
[Sun Feb 12 10:36:16 UTC 2023] Adding txt value: dsux3bNCQg78poSoRD3txtLTHX3KpOoBcYY6pp8tA0I for domain:  _acme-challenge.sff.bisacloud.my.id
[Sun Feb 12 10:36:17 UTC 2023] Adding record
[Sun Feb 12 10:36:18 UTC 2023] Added, OK
[Sun Feb 12 10:36:18 UTC 2023] The txt record is added: Success.
[Sun Feb 12 10:36:18 UTC 2023] Let's check each DNS record now. Sleep 20 seconds first.
[Sun Feb 12 10:36:39 UTC 2023] You can use '--dnssleep' to disable public dns checks.
[Sun Feb 12 10:36:39 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Sun Feb 12 10:36:39 UTC 2023] Checking sff.bisacloud.my.id for _acme-challenge.sff.bisacloud.my.id
[Sun Feb 12 10:36:39 UTC 2023] Domain sff.bisacloud.my.id '_acme-challenge.sff.bisacloud.my.id' success.
[Sun Feb 12 10:36:39 UTC 2023] All success, let's return
[Sun Feb 12 10:36:39 UTC 2023] Verifying: sff.bisacloud.my.id
[Sun Feb 12 10:36:40 UTC 2023] Processing, The CA is processing your order, please just wait. (1/30)
[Sun Feb 12 10:36:44 UTC 2023] Success
[Sun Feb 12 10:36:44 UTC 2023] Removing DNS records.
[Sun Feb 12 10:36:44 UTC 2023] Removing txt: dsux3bNCQg78poSoRD3txtLTHX3KpOoBcYY6pp8tA0I for domain: _acme-challenge.sff.bisacloud.my.id
[Sun Feb 12 10:36:46 UTC 2023] Removed: Success
[Sun Feb 12 10:36:46 UTC 2023] Verify finished, start to sign.
[Sun Feb 12 10:36:46 UTC 2023] Lets finalize the order.
[Sun Feb 12 10:36:46 UTC 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/MG8VHRYgxF-pAg1-NMNklQ/finalize'
[Sun Feb 12 10:37:21 UTC 2023] Polling order status: https://acme.zerossl.com/v2/DV90/order/MG8VHRYgxF-pAg1-NMNklQ
[Sun Feb 12 10:37:22 UTC 2023] Downloading cert.
[Sun Feb 12 10:37:22 UTC 2023] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/URZQqu3eTUHqEkWt-3lKTA'
[Sun Feb 12 10:37:24 UTC 2023] Cert success.
-----BEGIN CERTIFICATE-----
MIIEBDCCA4qgAwIBAgIQSCsb5PQ0Yd80UQlyH9c0OjAKBggqhkjOPQQDAzBLMQsw
...
eAfxeNE0112rfa/+s2cBtRdAAp9MQpTb
-----END CERTIFICATE-----
[Sun Feb 12 10:37:24 UTC 2023] Your cert is in: /home/sff/.acme.sh/sff.bisacloud.my.id_ecc/sff.bisacloud.my.id.cer
[Sun Feb 12 10:37:24 UTC 2023] Your cert key is in: /home/sff/.acme.sh/sff.bisacloud.my.id_ecc/sff.bisacloud.my.id.key
[Sun Feb 12 10:37:24 UTC 2023] The intermediate CA cert is in: /home/sff/.acme.sh/sff.bisacloud.my.id_ecc/ca.cer
[Sun Feb 12 10:37:24 UTC 2023] And the full chain certs is there: /home/sff/.acme.sh/sff.bisacloud.my.id_ecc/fullchain.cer