Creating Cloudflare API Tokens


A number of my articles use the Cloudflare API for issuing SSL certificates from Let’s Encrypt via the DNS-01 challenge. This post walks through creating a new token.

Sign into the Cloudflare portal, click the user icon in the top right corner and go to “My Profile”. Once there, click API Tokens, then Create Token and finally click “Use template” against “Edit zone DNS”.

Configure the settings to create a token which only has the rights to edit the DNS zone for a single domain, with access restricted to the static IP address of the server requesting the SSL certificate (to further limit use of the token).

Once the settings are configured, click “Continue to summary” and then confirm the token. On the next page you’ll see the actual token for the only time – copy and paste it somewhere safe (perhaps the vault of your password manager) as you can’t view it again!

The last step is to rename the token so you know which server you’ve used it with – that makes it easier to track things in the future and perhaps revoke a token if a server gets compromised.
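To check that a token really is limited the way this post describes (one zone, DNS edit only, one client IP), the following added example, which is not part of the original post, audits a token definition exported as JSON. Assumptions: the field layout follows Cloudflare's token API, the “Edit zone DNS” template maps to a permission group named "DNS Write", and `audit_token`, the zone ID placeholder and the IP address are illustrative.

```python
import ipaddress
import json

# Constructed sample in the shape of a Cloudflare token definition
# (assumed field layout; the zone ID and IP are placeholders).
SAMPLE_TOKEN = json.loads("""
{
  "name": "web01 certificate renewal",
  "status": "active",
  "policies": [{
    "effect": "allow",
    "resources": {"com.cloudflare.api.account.zone.ZONE_ID_PLACEHOLDER": "*"},
    "permission_groups": [{"name": "DNS Write"}]
  }],
  "condition": {"request_ip": {"in": ["203.0.113.10"]}}
}
""")

ZONE_PREFIX = "com.cloudflare.api.account.zone."


def audit_token(token, zone_id, allowed_groups=("DNS Write",)):
    """Return findings where the token is broader than the post's settings."""
    findings = []
    if token.get("status") != "active":
        findings.append("token is not active")
    for policy in token.get("policies", []):
        if policy.get("effect") != "allow":
            continue
        for resource in policy.get("resources", {}):
            if resource != ZONE_PREFIX + zone_id:
                findings.append(f"resource is not the single expected zone: {resource}")
        for group in policy.get("permission_groups", []):
            if group.get("name") not in allowed_groups:
                findings.append(f"unexpected permission group: {group.get('name')}")
    ip_filter = (token.get("condition") or {}).get("request_ip") or {}
    allowed_ips = ip_filter.get("in") or []
    if not allowed_ips:
        findings.append("no client IP restriction")
    for entry in allowed_ips:
        # strict=False accepts both a bare address and a CIDR range
        if ipaddress.ip_network(entry, strict=False).num_addresses > 1:
            findings.append(f"IP filter is a range, not one address: {entry}")
    return findings


if __name__ == "__main__":
    for finding in audit_token(SAMPLE_TOKEN, "ZONE_ID_PLACEHOLDER") or ["OK"]:
        print(finding)
```

An empty result means the token matches the single-zone, single-IP settings; any finding is a reason to edit or revoke the token before deploying it to a server.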

Finding your Account & Zone IDs

Other items you might need are the Cloudflare Account ID & DNS Zone ID. To find these, click the drop-down in the top left corner of the Cloudflare portal and pick the domain you want a certificate for. You should end up on the DNS page – scroll down and on the right-hand side should be the two IDs to copy.

Chris
