Integration done for Cloudflare API for TLS Certificate

press/press/doctype/root_domain/root_domain.js

@@ -24,5 +24,10 @@ frappe.ui.form.on('Root Domain', {
 			'reqd',
 			frm.doc.dns_provider === 'AWS Route 53',
 		);
+		frm.set_df_property(
+			'cloud_flare_api_key',
+			'reqd',
+			frm.doc.dns_provider === 'Cloud Flare',
+		);
 	},
 });

press/press/doctype/root_domain/root_domain.json

@@ -14,6 +14,7 @@
   "dns_provider",
   "aws_access_key_id",
   "aws_secret_access_key",
+  "cloud_flare_api_key",
   "aws_region"
  ],
  "fields": [
@@ -24,7 +25,7 @@
    "in_list_view": 1,
    "in_standard_filter": 1,
    "label": "DNS Provider",
-   "options": "AWS Route 53\nGeneric",
+   "options": "AWS Route 53\nCloud Flare\nGeneric",
    "reqd": 1
   },
   {
@@ -73,6 +74,12 @@
    "fieldname": "aws_region",
    "fieldtype": "Data",
    "label": "AWS Region"
+  },
+  {
+   "depends_on": "eval:doc.dns_provider=='Cloud Flare'",
+   "fieldname": "cloud_flare_api_key",
+   "fieldtype": "Password",
+   "label": "Cloud Flare Api Key"
   }
  ],
  "index_web_pages_for_search": 1,
@@ -108,7 +115,7 @@
    "link_fieldname": "domain"
   }
  ],
- "modified": "2025-12-09 14:04:47.403558",
+ "modified": "2025-12-29 16:33:04.233501",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Root Domain",
@@ -134,4 +141,4 @@
  "sort_order": "DESC",
  "states": [],
  "track_changes": 1
-}
+}

press/press/doctype/root_domain/root_domain.py

@@ -7,6 +7,7 @@
 from typing import TYPE_CHECKING
 
 import boto3
+from cloudflare import Cloudflare
 import frappe
 from frappe.core.utils import find
 from frappe.model.document import Document
@@ -32,9 +33,10 @@ class RootDomain(Document):
 		aws_access_key_id: DF.Data | None
 		aws_region: DF.Data | None
 		aws_secret_access_key: DF.Password | None
+		cloud_flare_api_key: DF.Password | None
 		default_cluster: DF.Link
 		default_proxy_server: DF.Link | None
-		dns_provider: DF.Literal["AWS Route 53", "Generic"]
+		dns_provider: DF.Literal["AWS Route 53", "Cloud Flare", "Generic"]
 		enabled: DF.Check
 		team: DF.Link | None
 	# end: auto-generated types
@@ -83,6 +85,23 @@ def boto3_client(self):
 			)
 		return self._boto3_client
 
+	@property
+	def cloudflare_client(self):
+		if not hasattr(self, "_cloudflare_client"):
+			self._cloudflare_client = Cloudflare(
+				token=self.get_password("cloud_flare_api_key")
+			)
+
+		return self._cloudflare_client
+
+	@property
+	def cloudflare_zone_id(self):
+		# Cloudflare zones API returns a list, we must search
+		zones = self.cloudflare_client.zones.get(params={"name": self.name})
+		if zones:
+			return zones[0]["id"]
+		return frappe.throw(f"Cloudflare Zone not found for {self.name}")
+
 	@property
 	def hosted_zone(self):
 		zones = self.boto3_client.list_hosted_zones_by_name()["HostedZones"]

press/press/doctype/tls_certificate/tls_certificate.py

@@ -555,12 +555,15 @@ def _obtain(self):
 	def _obtain_wildcard(self):
 		domain = frappe.get_doc("Root Domain", self.domain[2:])
 		environment = os.environ.copy()
-		environment.update(
-			{
-				"AWS_ACCESS_KEY_ID": domain.aws_access_key_id,
-				"AWS_SECRET_ACCESS_KEY": domain.get_password("aws_secret_access_key"),
-			}
-		)
+
+		if(domain.dns_provider == 'AWS Route 53'):
+			environment.update(
+				{
+					"AWS_ACCESS_KEY_ID": domain.aws_access_key_id,
+					"AWS_SECRET_ACCESS_KEY": domain.get_password("aws_secret_access_key"),
+				}
+			)
+
 		if domain.aws_region:
 			environment["AWS_DEFAULT_REGION"] = domain.aws_region
 		self.run(self._certbot_command(), environment=environment)
@@ -569,22 +572,33 @@ def _obtain_naked_with_dns(self):
 		domain = frappe.get_all("Root Domain", pluck="name", limit=1)[0]
 		domain = frappe.get_doc("Root Domain", domain)
 		environment = os.environ.copy()
-		environment.update(
-			{
-				"AWS_ACCESS_KEY_ID": domain.aws_access_key_id,
-				"AWS_SECRET_ACCESS_KEY": domain.get_password("aws_secret_access_key"),
-			}
-		)
-		self.run(self._certbot_command(), environment=environment)
+
+		if(domain.dns_provider == 'AWS Route 53'):
+			environment.update(
+				{
+					"AWS_ACCESS_KEY_ID": domain.aws_access_key_id,
+					"AWS_SECRET_ACCESS_KEY": domain.get_password("aws_secret_access_key"),
+				}
+			)
+
 
 	def _obtain_naked(self):
 		if not os.path.exists(self.webroot_directory):
 			os.mkdir(self.webroot_directory)
 		self.run(self._certbot_command())
 
 	def _certbot_command(self):
+		domain = frappe.get_doc("Root Domain", self.domain[2:])
 		if self.wildcard or frappe.conf.developer_mode:
-			plugin = "--dns-route53"
+			if(domain.dns_provider == 'AWS Route 53'):
+				plugin = "--dns-route53"
+
+			if(domain.dns_provider == 'Cloud Flare'):
+				cloudflare_creds = os.path.join(self.directory, "cloudflare.ini")
+				with open(cloudflare_creds, "w") as f:
+					f.write(f"dns_cloudflare_api_token = {domain.get_password('cloud_flare_api_key')}")
+				os.chmod(cloudflare_creds, 0o600)
+				plugin = f"--dns-cloudflare --dns-cloudflare-credentials {cloudflare_creds}"
 		else:
 			plugin = f"--webroot --webroot-path {self.webroot_directory}"
 

pyproject.toml

@@ -54,6 +54,7 @@ dependencies = [
     "hcloud==2.2.1",
     "playwright==1.49.1",
     "prometheus-api-client==0.6.0",
+    "cloudflare==4.3.1",
     "pydo==0.24.0",
 ]