GIDBlog Learning Journal

Certbot and Cloudflare DNS Plugin

I learnt today that I can run Certbot to create and renew Let’s Encrypt SSL/TLS for domains/web sites not hosted on the same machine – a fact I didn’t know before today.

Also, because Certbot can be used to manage Let’s Encrypt certificates for domain names hosted elsewhere, there is no requirement for the system running Certbot to have a web server like Apache/httpd running (for domain verification purposes).

In this case, (Certbot) domain verification is handled by DNS records managed by qualified third party DNS providers. One such provider is, of course, the ever-popular Cloudflare service. If, like, your web site is also protected and served by Cloudflare, this information is relevant to you.

Check if your DNS provider supports Certbot here.

So, to get a new (or renew a) Let’s Encrypt SSL/TLS certificate for your web site, you’ll need to do 3 tasks:

  1. Install Certbot
  2. Create a credentials file for your DNS provider
  3. Run a Certbot command

This what I did myself to accomplish these 3 tasks, and I have just replaced “” with “” in the notes below.

1. Install Certbot on CentOS 7

Before proceeding, please ensure that you enable the EPEL (Extra Packages for Enterprise Linux) repository on your CentOS 7 server. Then…

In a terminal (as root):

yum install certbot python2-certbot-dns-cloudflare

2. Create a credentials file for Cloudflare

Next, you need to prepare a credentials file, e.g. credentials.ini, that will allow Certbot access to the Cloudflare API using your private data in the file. Let’s create this credentials file now. Again, in a terminal (as root):

mkdir $HOME/.secret $HOME/.secret/cf
vi $HOME/.secret/cf/credentials.ini

File: credentials.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567

Line no. 3: You can get your email address here.
Line no. 4: Your Cloudflare API key here (use the Global API Key).

After saving and closing the credentials file, let’s modify the permissions of the file so no one else can access/read it. In the same terminal (as root):

chmod 600 $HOME/.secret/cf/credentials.ini

3. Run Certbot command to create certificate

To create a Let’s Encrypt SSL/TLS certificate for domain names: and In a terminal (as root):

certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials $HOME/.secret/cf/credentials.ini \
  -d \

If everything goes as planned, the final output from this command will look something like this:

– Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/
Your key file has been saved at: /etc/letsencrypt/live/
Your cert will expire on 2020-02-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run “certbot renew”

GIDBlog Learning Journal

WordPress Plugin for Google AdSense Auto Ads

I will show you how I inserted Google AdSense Auto Ads JavaScript ad code to this web site today.

The Google AdSense Auto Ads ad code is only a single line long, so it was unnecessary to get overly complicated with the plugin or PHP code.

Create file: gid-wp-google-adsense-auto-ads.php

Using my favourite text/PHP editor, I created a PHP file: gid-wp-google-adsense-auto-ads.php. This is how it looks:

Plugin Name: GID WP Google AdSense Auto Ads
Plugin URI:
Description: Inserts Google AdSense Auto Ads, in the header.
Author: J de Silva
Version: 1.0
Author URI:

// Replace "NNNNNNNNNNNNNNNN" with your Google AdSense Publisher ID (just the 16-digit number)

function gid_google_adsense_autoads()
<script data-ad-client="ca-pub-<?php echo GID_GA_PUBID; ?>" async src=""></script>
add_action( 'wp_head', 'gid_google_adsense_autoads', 10 );

Do not forget to paste your own Google AdSense publisher ID (just the 16-digit number) in the PHP code before uploading the file. See line no. 12 above.

Upload gid-wp-google-adsense-auto-ads.php

Save the file and upload it to the /wp-content/plugins/ folder of your WordPress site. On my Linux laptop, with the scp command, this is as simple as:

scp -v $HOME/gid-wp-google-adsense-auto-ads.php [email protected]:/var/www/html/wp-content/plugins/

Finally, go to the Plugins page inside your WordPress site’s admin dashboard to activate this plugin.

GIDBlog News

GID Spam Detector 1.1.0

Updated my plugin, GID Spam Detector, to version 1.1.0 today.

GIDBlog News

Introducing GID Spam Detector

Just under a week old, and has already attracted the comment spammers once again. So this morning I decided I need to fix this before I do anything else.

Introducing GID Spam Detector, a custom WordPress plugin I have started to develop for this site to keep the comment spammers away.