I configured it using certbot cert-only, and it suggests uses HTTP verification method.
I want to change the verification method using DNS certbot-dns-cloudflare
But I can’t find the documentation for renewing the certificate, how to renew the existing certificate?
and do I have to select the propagation to other than Automatic TTL?
If you haven't done so, try to follow this tutorial on install that plugin / configture it.
Please follow the tutorial and stop before execute this command (Ubuntu Users) : $ sudo apt install python-certbot-dns-cloudflare (Thanks @_az)
After that, please use the below command to convert the existing certificate (the one you wish to change) to use CloudFlare DNS validation: (replace the example.com and all related domains to yours) sudo certbot -a dns-cloudflare ---cert-name example.com --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,www.example.com --preferred-challenges dns-01
This shouldn't be an issue.
After you convert the certificate, you could just use certbot renew like before, but it would renew by CloudFlare DNS validation instead of the regular HTTP validation.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
With the dns-cloudflare plugin, you probably want to use the "certonly" command, eg:
certbot certonly --dns-cloudflare
(Alternatively, add a --installer flag. See https://eff.org/letsencrypt-plugins
and "--help plugins" for more information.)