Getting Started

mkdir /etc/dehydrated
mkdir /root/software ; cd /root/software
yum -y install git python-dns python-pip
pip install --upgrade pip
pip install tld
git clone
cd dehydrated
cp dehydrated /usr/local/bin
cp docs/examples/config /etc/dehydrated

Install a hook of your choice, see below.

dehydrated --register --accept-terms


Cloudflare DNS hook

yum install -y gcc python-devel libffi-devel openssl-devel
pip install -r
wget -O /usr/local/bin/
chmod +x /usr/local/bin/
echo "export" >> /etc/dehydrated/config
echo "export" >> /etc/dehydrated/config
echo "export CF_KEY=K9uX2HyUjeWg5AhAb" >> /etc/dehydrated/config
echo "export CF_DNS_SERVERS=''" >> /etc/dehydrated/config 
echo "export CF_DEBUG=true" >> /etc/dehydrated/config

dehydrated --register --accept-terms

Alternative Mailgun support for manual mail hook

Get mail hook at

wget -O /usr/local/bin/
chmod +x /usr/local/bin/
nano /usr/local/bin/

Add this to the top

function send_mailgun {
	echo "   + Sending mail via Mailgun via domain $MAILGUN_DOMAIN to $MAILGUN_TO..."
	curl -s --user "api:$MAILGUN_KEY" \$MAILGUN_DOMAIN/messages \
		-F from="$MAILGUN_FROM" \
		-F to="$MAILGUN_TO" \
		-F subject="$SUBJECT" \
		-F text="$MESSAGE"
	echo ""
	return 0

Search ALL ocurrences for and comment:

echo "$MESSAGE" | mail -s "$SUBJECT" "$RECIPIENT"

Replace with:


dehydrated --cron --challenge dns-01 --hook '/usr/local/bin/'

All domains

If migrating from certbot:

ls /etc/letsencrypt/live > /etc/dehydrated/domains.txt

nano /etc/dehydrated/domains.txt
(put your domain names here)


You can put multiple names on one cert, by using this syntax:

To request the cert:

dehydrated --cron  --challenge dns-01

One domain

dehydrated --cron --challenge dns-01 -d

VHost configuration code snippet

 listen 443 ssl;
 ssl_certificate /etc/dehydrated/certs/;
 ssl_certificate_key /etc/dehydrated/certs/;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!MD5;

More Info