Soldato
Be gentle with me please... Windows is my normal domain!
I want to move from using http based challenges for issuing Let's Encrypt certificates to DNS. The domain for the cert's is now on a Cloudflare, so I can the API access methods from tools/scripts like Certbot or acme.sh to automate the DNS TXT record creation for validation.
There's assorted blogs using acme.sh eg
https://www.jamesridgway.co.uk/auto...d-key-lets-encrypt-cloudflare-dns-validation/
The acme.sh based guides ask for the Cloudflare API token to setup via export eg
As these values allow DNS manipulation (though you can obviously lock down the API token to certain tasks and source IPs), as a Linux numpty I was wondering how secure these values are once set (using export)?
The Certbot documentation does call it out (that looks use to a file for the credentials):
Thanks!
I want to move from using http based challenges for issuing Let's Encrypt certificates to DNS. The domain for the cert's is now on a Cloudflare, so I can the API access methods from tools/scripts like Certbot or acme.sh to automate the DNS TXT record creation for validation.
There's assorted blogs using acme.sh eg
https://www.jamesridgway.co.uk/auto...d-key-lets-encrypt-cloudflare-dns-validation/
The acme.sh based guides ask for the Cloudflare API token to setup via export eg
Code:
export CF_Token="xxxxx"
export CF_Account_ID="xxxxx"
export CF_Zone_ID="xxxxx"As these values allow DNS manipulation (though you can obviously lock down the API token to certain tasks and source IPs), as a Linux numpty I was wondering how secure these values are once set (using export)?
The Certbot documentation does call it out (that looks use to a file for the credentials):
Thanks!
