{"id":"serversideup-certbot-dns-cloudflare","name":"certbot-dns-cloudflare","homepage":"https://hub.docker.com/r/serversideup/certbot-dns-cloudflare","repo_url":"https://hub.docker.com/r/serversideup/certbot-dns-cloudflare","category":"infrastructure","subcategories":[],"tags":["certbot","acme","letsencrypt","dns-01","cloudflare","certificate-management","automation"],"what_it_does":"certbot-dns-cloudflare is a Certbot DNS authentication plugin that automates DNS-01 challenges in Cloudflare by creating and removing the required TXT records so Let’s Encrypt certificates can be issued/renewed.","use_cases":["Issue or renew Let’s Encrypt certificates using DNS-01 challenges with domains managed in Cloudflare","Automate certificate management for wildcard domains (e.g., *.example.com) hosted on Cloudflare","Run certbot in environments where HTTP-01 validation is not feasible (locked-down ports, custom ingress, etc.)"],"not_for":["Domains not managed in Cloudflare","Use cases requiring API access to certificate issuance directly via a programmatic service (this is a local Certbot plugin, not a hosted API)","Organizations that cannot store/manage Cloudflare credentials on the machine running Certbot"],"best_when":"You’re already using Certbot and need automated DNS-01 validation specifically for Cloudflare-managed DNS records (including wildcard certificates).","avoid_when":"You cannot grant the required Cloudflare DNS permissions to the credentials used by certbot, or you cannot run Certbot with the plugin on a system that can reach Cloudflare’s API.","alternatives":["certbot-dns-route53 (AWS Route 53 DNS-01 plugin)","certbot-dns-google (Google Cloud DNS DNS-01 plugin)","acme.sh with Cloudflare DNS API integration","Different ACME client DNS plugins for other DNS providers (e.g., for DigitalOcean, Azure DNS, NS1, etc.)"],"af_score":36.2,"security_score":63.0,"reliability_score":36.2,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:36:13.538583+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Cloudflare API token (DNS edit permissions) or Cloudflare API credentials as supported by the Certbot plugin","Using a credentials file configured for the plugin"],"oauth":false,"scopes":false,"notes":"Auth is performed against Cloudflare’s API using credentials that must be provided to the plugin (typically via a credentials file or environment variables, depending on documented setup). No OAuth flow is indicated for this plugin."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No service pricing is implied by the plugin itself; costs (if any) are generally limited to Certbot usage and any Cloudflare API/plan considerations."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":true,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":36.2,"security_score":63.0,"reliability_score":36.2,"mcp_server_quality":0.0,"documentation_accuracy":40.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":20.0,"tls_enforcement":90.0,"auth_strength":70.0,"scope_granularity":60.0,"dependency_hygiene":50.0,"secret_handling":40.0,"security_notes":"This plugin relies on Cloudflare API credentials to create/delete DNS TXT records. Security depends on how credentials are provided (e.g., least-privilege API tokens vs. broad credentials) and on safe handling of secrets on the host. TLS usage is expected for API calls, but specific dependency/security practices and secret-handling guarantees are not verifiable from the provided information.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":50.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This is a local Certbot plugin (invoked by Certbot) rather than a standalone network API; agent integration is mainly via running/templating certbot CLI and handling credentials/ENV files.","DNS-01 depends on propagation timing; transient failures may occur if TXT records are not visible yet.","Correct cleanup of TXT records is critical; if runs are interrupted, stale records may remain."]}}