Integration done for Cloudflare API for TLS Certificate #4378

Open
murtaza-ghadiali wants to merge 5 commits into frappe:develop from murtaza-ghadiali:cloudflare-dns-support

@murtaza-ghadiali

🧾 Summary

Integrated Cloudflare API with Certbot DNS validation to enable automated TLS certificate issuance and renewal for domains managed in Cloudflare.

🔧 Changes Implemented

  • Added support for Cloudflare DNS-based validation using Certbot
  • Enabled automated creation and cleanup of DNS records during TLS verification
  • Integrated secure Cloudflare API Token–based authentication

📦 Prerequisites

Install the required Certbot Cloudflare DNS plugin on the server:

pip install certbot-dns-cloudflare

⚠️ Ensure Certbot is installed using pip when using this plugin. Mixing apt and pip installations may cause issues.

🔑 Cloudflare API Token Setup

A Cloudflare API Token is required for Certbot to manage DNS records.

Steps to Generate API Token

  1. Log in to the Cloudflare Dashboard
  2. Click the profile icon (top-right) → My Profile
  3. Navigate to API Tokens
  4. Click Create Token
  5. Select the template:
    • Edit zone DNS (recommended for Certbot)
  6. Configure permissions:
    • Zone → DNS → Edit
  7. Configure zone resources:
    • Include → Specific zone → example.com
  8. Click Continue → Create Token

🔐 Security Considerations

  • API Token is restricted to DNS edit access only
  • Token is scoped to a specific zone
  • Global API Key is not used

📸 Screenshots

Screenshot added showing Cloudflare API Token configuration

@mngshm
Member

mngshm commented Jan 16, 2026

@murtaza-ghadiali could you please add a video screenshot of the whole process flow? Screenshots are fine, but in these kinds of cases, where it's not a UX-first change (at least the reflection of change) and not a UI, it is preferred to show a demo.

@mngshm
Member

mngshm commented Jan 16, 2026

Approved the workflow to run and verify tests

@codecov

codecov bot commented Jan 16, 2026

Codecov Report

❌ Patch coverage is 20.00000% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.98%. Comparing base (a935a60) to head (ebe41dc).
⚠️ Report is 352 commits behind head on develop.

Files with missing lines Patch % Lines
...s/press/doctype/tls_certificate/tls_certificate.py 0.00% 13 Missing ⚠️
press/press/doctype/root_domain/root_domain.py 41.66% 7 Missing ⚠️

❌ Your patch check has failed because the patch coverage (20.00%) is below the target coverage (75.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
@@             Coverage Diff              @@
##           develop    #4378       +/-   ##
============================================
- Coverage    71.97%   50.98%   -21.00%     
============================================
  Files          101      836      +735     
  Lines        15733    66409    +50676     
  Branches       286      286               
============================================
+ Hits         11324    33856    +22532     
- Misses        4381    32525    +28144     
  Partials        28       28               
Flag Coverage Δ
dashboard 71.97% <ø> (ø)

@murtaza-ghadiali
Author

@mngshm, here is the video. This feature is to get the TLS certificate from Cloudflare.

PR.Video.of.Frappe.Press.mp4

"in_standard_filter": 1,
"label": "DNS Provider",
"options": "AWS Route 53\nGeneric",
"options": "AWS Route 53\nCloud Flare\nGeneric",
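
Review bot: the added `options` line spells the new provider "Cloud Flare", while the PR title and description write "Cloudflare". This option string is what the DNS Provider field stores, so every comparison against it has to match it exactly; settle on "Cloudflare" here and wherever the value is checked before merging, because renaming an option afterwards means updating already saved records.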
Member

It is standardly "cloudflare" or "Cloudflare". Please make the same change everywhere.

Author

It's Cloud Flare

@belal-bh

Hi @murtaza-ghadiali
This PR is very useful for many users. Maybe there are pending approvals and some merge conflicts. And @mngshm, can you please recheck the PR?

@murtaza-ghadiali
Author

@belal-bh I just merged the conflicts; waiting for @mngshm to approve it.

@petnd

petnd commented Mar 20, 2026

@mngshm any updates on this? I would really love to see other providers being available.

@murtaza-ghadiali
Author

@mngshm, any update on this, please? Waiting for such a long time.
