Single file, pure Bash dehydrated (formely letsencrypt.sh) hook using the CloudFlare API implementing the dns-01 ACME challenge.
All the packages are available on the latest Debian stable (jessie, at the time of writing), and may be installed using:
sudo apt-get install bash awk jq publicsuffixThis hook supports authenticating using either a bearer token or the global API key. Both can be obtained at the "API tokens" section.
This is the preferred method, as the allowed operations can be limited to updating a single DNS zone.
For this method, you'd need to export the CF_TOKEN variable, with a suitable token that has read/write access to the DNS zone for which you want to issue certificates.
This method is less secure, as if someone were capable of reading these keys they'd have full access to your account.
For this method, you'd need to export the CF_EMAIL and CF_KEY variables with your CloudFlare email and API key respectively.