To ensure your Cloudflare API token has the necessary permissions for using Let's Encrypt with wildcard subdomains on Laravel Forge, follow these steps:
1. In Cloudflare, generate an API token with the following permissions:
- `Zone.Zone.Read`
- `Zone.DNS.Edit`
2. Make sure the token's zone resources include every zone associated with your domain: if the token cannot read and edit a zone, Forge cannot validate names in it. Scoping the token to only the zones Forge needs is tighter than granting it all zones on the account, but either way every relevant zone must be covered.
3. In Forge, go to the site you want to set up the SSL certificate for and select the "SSL Certificates" tab.
4. Click on the "Let's Encrypt (Beta)" button to begin the process.
5. For wildcard subdomains, list both the wildcard subdomain and the root domain (e.g. `*.domain.com, domain.com`). Wildcard certificates can only be issued through the DNS-01 challenge, which is why Let's Encrypt validation here requires the Cloudflare API credentials: Forge uses them to create the validation DNS records.
6. Paste your Cloudflare API token into the "Cloudflare API Token" field in Forge. Ensure it has the necessary `Zone.Zone.Read` and `Zone.DNS.Edit` permissions.
7. Forge handles the rest automatically: obtaining the Let's Encrypt certificate, configuring NGINX, and renewing the certificate before it expires.
By providing a Cloudflare API token with the proper permissions, Forge can successfully obtain Let's Encrypt SSL/TLS certificates that cover your domain and wildcard subdomains. The token must have read and edit access to all the zones associated with your domain.
If you encounter any issues, double-check the API token permissions and ensure it has access to all relevant zones in Cloudflare. Forge provides detailed error messages if the token is invalid or lacks the necessary permissions.
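The pre-flight check described in the last paragraph, as an added example that is not part of the original page or of Forge's or Cloudflare's own tooling: it asks Cloudflare whether the token is active and whether the zones the token can see cover every name you will type into Forge's domain field. It assumes the token is in `CLOUDFLARE_API_TOKEN` and the domain list in `FORGE_DOMAINS` (both hypothetical names), and it runs against constructed sample responses when no token is set; the verify endpoint does not report the token's permission list, so `Zone.DNS.Edit` itself still has to be confirmed in the Cloudflare dashboard.

```python
# Pre-flight check for the Cloudflare token that Forge will use for DNS-01 validation.
# Assumptions (not from the page): token in CLOUDFLARE_API_TOKEN, names in FORGE_DOMAINS.
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def cf_get(token, path):
    # One authenticated GET against the Cloudflare v4 API (only used in live mode).
    req = urllib.request.Request(API + path, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def token_is_active(verify_resp):
    # GET /user/tokens/verify reports the token's own status; an expired, disabled
    # or invalid token fails here before Forge ever attempts the challenge.
    result = verify_resp.get("result") or {}
    return verify_resp.get("success") is True and result.get("status") == "active"

def parse_domain_field(field):
    # Forge accepts e.g. "*.domain.com, domain.com": split on commas and trim.
    return [d.strip() for d in field.split(",") if d.strip()]

def uncovered_names(requested, zone_names):
    # "*." is dropped: the wildcard is validated at _acme-challenge.<base>. A zone
    # covers a name if it equals it or is a parent of it; GET /zones lists only the
    # zones in the token's Zone.Zone.Read policy, so names returned here will fail.
    missing = []
    for raw in requested:
        name = raw.lower()[2:] if raw.startswith("*.") else raw.lower()
        if not any(name == z or name.endswith("." + z) for z in zone_names):
            missing.append(raw)
    return missing

def check(verify_resp, zones_resp, domain_field):
    # Returns a list of problems; an empty list means the token looks usable.
    if not token_is_active(verify_resp):
        return ["token is not active (check expiry or revocation in Cloudflare)"]
    zones = [z["name"].lower() for z in (zones_resp.get("result") or [])]
    names = parse_domain_field(domain_field)
    return [f"no zone visible to this token covers {n}" for n in uncovered_names(names, zones)]

if __name__ == "__main__":
    token = os.environ.get("CLOUDFLARE_API_TOKEN")
    names = os.environ.get("FORGE_DOMAINS", "*.domain.com, domain.com")
    if token:  # live mode: ask Cloudflare about the real token
        print(check(cf_get(token, "/user/tokens/verify"), cf_get(token, "/zones?per_page=50"), names))
    else:      # offline demo with constructed responses: active token, wrong zone
        verify = {"success": True, "result": {"id": "sample", "status": "active"}}
        zones = {"success": True, "result": [{"id": "z1", "name": "other-zone.net"}]}
        print(check(verify, zones, names))
```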