Setup a DNS challenge with Cloudflare

Set up the DNS records

To begin with we need to set up two DNS records in our cloudflare dashboard, one should look like this:

And the other one should like this:

Obtain your API key

Now we need to get the api key that traefik is going to use to get the certificates. In order to do that go to this (opens in a new tab) page of the cloudflare dashboard and click Create token. Then select the Edit zone DNS template. The only thing you need to do is select your domain in the Zone Resources section. Finally click Continue to summary and then Create token, make sure to save that token since you can only view it once.

Create the custom compose file

We need to give the token to traefik in order to do that we need to create a custom compose with the following contents:

version: '3.9'
services:
  runtipi-reverse-proxy:
    environment:
      - CF_DNS_API_TOKEN=yourtoken

Make sure to replace the yourtoken part with the actual token you got in the previous step.

Edit the traefik config

Now it is time to edit the traefik config. You need to replace this part:

certificatesResolvers:
  myresolver:
    acme:
      email: acme@thisprops.com
      storage: /shared/acme.json
      httpChallenge:
        entryPoint: web

To this:

certificatesResolvers:
  myresolver:
    acme:
      email: email@example.com
      storage: /shared/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0

Make sure to replace the email@example.com with your actual email adress so Let's Encrypt can notify you if something is wrong.

Restart runtipi and test

Finally we need to restart runtipi with this command:

sudo ./runtipi-cli restart

After that you can go to your runtipi dashboard and try to expose an app, after you expose it traefik should automatically obtain an ssl certificate from Let's Encrypt, be patient though, it may take up to 2 minutes to complete.