# Comment out any existing assignments of the four certbot variables in
# /etc/sysconfig/certbot; new values are appended to the same file afterwards.
# '\0' is GNU sed's spelling of "the whole match", so KEY= becomes #KEY=.
for key in CERTBOT_ARGS PRE_HOOK RENEW_HOOK POST_HOOK; do
  sed -i -e "s/^${key}=/#\0/" /etc/sysconfig/certbot
done
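# Append the Cloudflare credentials and certbot options to /etc/sysconfig/certbot.
#
# The file holds a Cloudflare API key from here on, so restrict it to root
# *before* the key is written; there is then no window in which the key sits
# in a world-readable file.
touch /etc/sysconfig/certbot
chown root:root /etc/sysconfig/certbot
chmod 600 /etc/sysconfig/certbot

# NOTE(review): this file is loaded as a systemd EnvironmentFile, so the key is
# placed in the environment of certbot and of every hook it starts. The hook
# scripts are not shown here; if they can work with a token limited to DNS
# edits on the one zone, prefer that over an account-wide key. Confirm first.
# NOTE(review): the auth, cleanup and post hooks are executed by the certbot
# service, whose unit sets no User=. Keep those scripts owned by root and not
# writable by anyone else.
# NOTE(review): --manual-public-ip-logging-ok is reported as deprecated in
# newer certbot releases. Check `certbot --help manual` on the installed version.
#
# The delimiter is quoted so the shell copies the text verbatim: a pasted key
# containing '$', a backtick or a backslash is not expanded or altered.
# The closing double quote on the commented PostgreSQL POST_HOOK example was
# missing and has been added, so that uncommenting it gives a valid assignment.
cat <<'_EOT_' >> /etc/sysconfig/certbot
CLOUDFLARE_AUTH_KEY=_cloudflare.api.key.of.your.site_
CLOUDFLARE_AUTH_EMAIL=_email.address.associated.with.your.cloudflare.account_
CERTBOT_ARGS="--manual --preferred-challenges=dns --manual-auth-hook _/path/to/certbot-dns-cloudflare/_authenticator.sh --manual-cleanup-hook _/path/to/certbot-dns-cloudflare/_cleanup.sh -d _your.domain.here_ --agree-tos --keep-until-expiring --manual-public-ip-logging-ok"
PRE_HOOK=""
RENEW_HOOK=""
# add post Hook
# e.g. restart httpd after renewal, put variable : POST_HOOK="--post-hook 'systemctl restart httpd'".
POST_HOOK="--post-hook 'systemctl restart httpd'"
# e.g. overwrite PostgreSQL tls, put variable : POST_HOOK="--post-hook '_/path/to/certbot-dns-cloudflare/_postgresql.sh'".
#POST_HOOK="--post-hook '_/path/to/certbot-dns-cloudflare/_postgresql.sh'"
#PGDATA=_/path/to/postgres/x.x/_/data
#PG_SERVICE=_service.name.of.postgresql-x.x_
_EOT_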
4. Register Service and Timer
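# Create the oneshot service that runs `certbot certonly` with the options
# taken from /etc/sysconfig/certbot.
#
# The file is written with '>' rather than '>>' so that running this step again
# replaces the unit. Appending would duplicate its sections, and a second
# ExecStart= line in a oneshot unit makes certbot run twice per activation.
# The delimiter is quoted, so $PRE_HOOK etc. reach the unit file literally and
# are expanded by systemd at start time. A bare $VAR in ExecStart= is split
# into words with quotes respected, which is what lets
# POST_HOOK="--post-hook 'systemctl restart httpd'" arrive as two arguments.
# NOTE(review): /usr/lib/systemd/system is normally package-owned, and
# /etc/systemd/system is the usual place for admin-created units. The path is
# kept as given because other steps may refer to it.
cat <<'_EOT_' > /usr/lib/systemd/system/certbot-certonly.service
[Unit]
Description=This service automatically renews any certbot certificates found
[Service]
EnvironmentFile=/etc/sysconfig/certbot
Type=oneshot
ExecStart=/usr/bin/certbot certonly $PRE_HOOK $POST_HOOK $RENEW_HOOK $CERTBOT_ARGS
_EOT_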
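# Create the timer that schedules certbot-certonly.service.
#
# The file is written with '>' rather than '>>' so that running this step again
# replaces the unit instead of appending a second copy of every section.
# OnCalendar=daily with RandomizedDelaySec=6hours delays each run by a random
# amount of up to six hours. Persistent=true runs a missed activation once the
# machine is up again.
cat <<'_EOT_' > /usr/lib/systemd/system/certbot-certonly.timer
[Unit]
Description=This is the timer to set the schedule for automated renewals
[Timer]
OnCalendar=daily
RandomizedDelaySec=6hours
Persistent=true
[Install]
WantedBy=timers.target
_EOT_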