sudo apt-get update

sudo apt-get install software-properties-common

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install certbot python-pip

pip install certbot-dns-cloudflare

#https://certbot-dns-cloudflare.readthedocs.io/
sudo certbot certonly \
    --dns-cloudflare \
    --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --email email@example.com \
    --rsa-key-size 4096 \
    --user-agent "" \
    --cert-name CERTNAME \
    --agree-tos \
    -d example.com \
    -d *.example.com

# *.ini file information
# CloudFlare API key information
# https://dash.cloudflare.com/profile
dns_cloudflare_api_key = <Your Global API Key>
dns_cloudflare_email = <Your Cloudflare Email>

chmod 600 *.ini

crontab auto renewal
#Let's Encrypt auto renew
#“At 03:00 on Sunday.”
0 3 * * 0 /usr/bin/certbot renew >> /var/log/le-renew.log
5 3 * * 0 /usr/sbin/service nginx reload
10 3 * * 0 /usr/sbin/service apache2 reload

postfix, courier ssl, vsftpd, etc...

REF : https://gist.github.com/tasyjean/9d01706b774f66427d45422cfaf99746