letsencrypt certbot cloudflare zone pause and unpause

README.md

Description

This makes it easy to automate pausing your Cloudflare zone(s), renewing your letsencrypt certs, and then unpausing your zone(s).

Installation

• Ensure python-cloudflare is installed either in system or virtualenv.
• Make sure you chmod 0700 certbot-renew.sh before you add your credentials.
• Replace your existing certbot renew cron job with something like @daily /path/to/certbot-renew.sh.
• It's helpful to have MAILTO="youremail" in the top of your crontab to easily see the output whenever it runs.

Author

Mark Caudill [email protected]

certbot-renew.sh

#!/bin/bash

export CF_API_EMAIL="REDACTED"
export CF_API_KEY="REDACTED"
/path/to/python3 /path/to/pause-zone.py pause domain.tld
/bin/certbot renew
/path/to/python3 /path/to/pause-zone.py unpause domain.tld

pause-zone.py

#!/usr/bin/env python3

import argparse
import sys
import CloudFlare


def main():
    parser = argparse.ArgumentParser(description="pause and unpause zones")
    parser.add_argument('action', choices=['pause', 'unpause'])
    parser.add_argument('domain')
    args = parser.parse_args()

    cf = CloudFlare.CloudFlare() # Auth variables should be in env

    # Get the zone id
    for zone in cf.zones.get():
        if zone['name'] == args.domain:
            zone_id = zone['id']
    if not zone:
        print("%s not found." % args.domain)
        sys.exit(1)

    try:
        if args.action == 'unpause':
            print("Unpausing %s" % args.domain)
            cf.zones.patch(identifier1=zone_id, data={'paused': False})
        elif args.action == 'pause':
            print("Pausing %s" % args.domain)
            cf.zones.patch(identifier1=zone_id, data={'paused': True})
    except CloudFlare.exceptions.CloudFlareAPIError as e:
        print(e)

if __name__ == "__main__":
    main()