Convert AWS Route53 to Cloudflare Let’s Encrypt DNS challenge with acme.sh


How To Convert AWS Route53 to Cloudflare Let’s Encrypt DNS challenge with acme.sh

Gaining the encryption needed for your website is an essential step in protecting your online visitors. Doing so, however, traditionally involves having to pay for an SSL certificate and hiring IT professionals to configure the certificate on your website and server. Thankfully, with the use of Let’s Encrypt and acme.sh, an automated process is now available to help webmasters generate and install a trusted SSL certificate for their website without any cost.

This article will explain how you can convert your DNS from AWS Route53 to use Cloudflare for the Let’s Encrypt DNS verification using acme.sh.

Convert DNS Record Types to Cloudflare

Before you start the DNS verification process, you first need to convert your Django app’s DNS records into record types accepted by Cloudflare. The live DNS records you wish to use to verify the domain must be in one of the following formats:

  • A record to an IPv4 address and
  • AAAA record to an IPv6 address

For other DNS record types such as CNAME, you will need to create an A or AAAA record to point it to the IP address.

Create API Token for Cloudflare and Configure acme.sh

Once you’ve converted your DNS records to the supported formats, you can then start the configuration of acme.sh for Cloudflare. The first step of this process is to set up your API token. To generate your API token, you will need to log into your Cloudflare account, select “My Profile” and select “API Tokens” from the left navigation menu. Once you have created your token, keep it safe and secure as it contains sensitive information.

The next step is to configure the acme.sh script for Cloudflare by adding the [--dns dns_cf] parameter to the command. This parameter tells acme.sh to use the Cloudflare DNS script. You will also need to add the [--dnssleep number] parameter, which specifies how long to wait for the DNS change to sync.

Execute the acme.sh Renewal Script

Once the configuration of acme.sh with Cloudflare is completed, you can now execute the renewal script. To do this, you will need to run the following command to obtain Let’s Encrypt certificates using acme.sh:

acme.sh --issue --dns dns_cf -d yourdomain.com -d www.yourdomain.com --dnssleep 30

Once the renewal script is executed, allow a few minutes for the DNS change to sync with Cloudflare, and your Let’s Encrypt SSL certificate will be successfully obtained.
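After the switch, it is worth confirming that no domain still renews through the Route53 hook and that the old AWS keys are no longer stored next to the Cloudflare token. The script below is an added example, not part of the original article or of acme.sh. It assumes acme.sh's usual on-disk layout (per-domain settings in <home>/<domain>/<domain>.conf with a Le_Webroot entry, saved credentials in <home>/account.conf as SAVED_<NAME> entries); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an acme.sh home after moving renewals from dns_aws to dns_cf.
# Assumed layout: <home>/<domain>/<domain>.conf holds Le_Webroot='<dns hook>', and
# <home>/account.conf holds saved credentials as SAVED_<NAME>='...'.
audit_acme_home() {
    home=$1
    acct="$home/account.conf"
    # Domains whose renewal config still names the Route53 hook.
    for conf in "$home"/*/*.conf; do
        [ -f "$conf" ] || continue
        if grep -q "^Le_Webroot=.*dns_aws" "$conf"; then
            echo "STALE_HOOK $(basename "$(dirname "$conf")")"
        fi
    done
    [ -f "$acct" ] || { echo "NO_ACCOUNT_CONF"; return 0; }
    # AWS keys left behind keep Route53 access on disk for no reason.
    if grep -Eq '^SAVED_AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)=' "$acct"; then
        echo "LEFTOVER_AWS_CREDS"
    fi
    # dns_cf needs a saved API token to renew unattended.
    if ! grep -q '^SAVED_CF_Token=' "$acct"; then
        echo "NO_CF_TOKEN"
    fi
    # The file holds secrets: only the owner should be able to read it.
    mode=$(stat -c %a "$acct" 2>/dev/null || stat -f %Lp "$acct")
    case $mode in
        *00) ;;
        *) echo "LOOSE_PERMS $mode" ;;
    esac
    return 0
}

# Constructed sample: one domain still on Route53, stale AWS keys, no CF token.
make_sample_home() {
    d=$(mktemp -d)
    mkdir "$d/yourdomain.com"
    echo "Le_Webroot='dns_aws'" > "$d/yourdomain.com/yourdomain.com.conf"
    printf "SAVED_AWS_ACCESS_KEY_ID='PLACEHOLDER'\nSAVED_AWS_SECRET_ACCESS_KEY='PLACEHOLDER'\n" > "$d/account.conf"
    chmod 644 "$d/account.conf"
    echo "$d"
}

# Usage: sh audit.sh ~/.acme.sh   (prints one finding per line, nothing if clean)
if [ "$#" -gt 0 ]; then audit_acme_home "$1"; fi
```

A clean run prints nothing; any STALE_HOOK line means that domain has to be re-issued with --dns dns_cf before the Route53 credentials are revoked.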

Let’s Encrypt can help you obtain the encryption you need for your website without the need for spending money or hiring IT professionals. This article has explained how to convert from AWS Route53 to Cloudflare Let’s Encrypt DNS challenge with acme.sh. With the use of this automated process, you will be able to set up and obtain an SSL certificate for your website quickly and easily.
