It’s not necessary to disable CloudFlare to use Let’s Encrypt.

Installation:

On Mac OS X:

    $ git clone https://github.com/lukas2511/letsencrypt.sh
    $ cd letsencrypt.sh
    $ mkdir hooks
    $ git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare
    $ pip install -r hooks/cloudflare/requirements-python-2.txt

Configuration

Your account’s CloudFlare email and API key are expected to be in the environment:

    $ export CF_EMAIL="[email protected]"
    $ export CF_KEY="Global API Key"
    $ export CF_DNS_SERVERS='8.8.8.8 8.8.4.4'

Usage

    $ ./letsencrypt.sh -c -d imap.ejemplo.org -t dns-01 -k "hooks/cloudflare/hook.py"
    #
    # !! WARNING !! No main config file found, using default config!
    #
    Processing imap.ejemplo.org
     + Signing domains...
     + Generating private key...
     + Generating signing request...
     + Requesting challenge for imap.ejemplo.org...
     + CloudFlare hook executing: deploy_challenge
     + Settling down for 10s...
     + DNS not propagated, waiting 30s...
     + Responding to challenge for imap.ejemplo.org...
     + CloudFlare hook executing: clean_challenge
     + Challenge is valid!
     + Requesting certificate...
     + Checking certificate...
     + Done!
     + Creating fullchain.pem...
     + CloudFlare hook executing: deploy_cert
     + ssl_certificate: /Users/user/projects/letsencrypt.sh/certs/imap.ejemplo.org/fullchain.pem
     + ssl_certificate_key: /Users/user/projects/letsencrypt.sh/certs/imap.ejemplo.org/privkey.pem
     + Done!

Automated certificate renewal

Put all your domain names in letsencrypt.sh/domains.txt, for example:

    ejemplo.org www.ejemplo.org imap.ejemplo.org

Create a cron.sh script:

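    #!/bin/sh
    # CloudFlare credentials read by the hook from the environment
    export CF_EMAIL="[email protected]"
    export CF_KEY="Global API Key"
    export CF_DNS_SERVERS='8.8.8.8 8.8.4.4'

    # Renew the certificates listed in domains.txt using the dns-01 challenge
    /path/to/letsencrypt.sh/letsencrypt.sh --cron --challenge dns-01 \
        --hook '/path/to/letsencrypt.sh/hooks/cloudflare/hook.py'

    # Restart dovecot so it loads the renewed certificate
    service dovecot restart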

Add the cron job:

    0 4 * * * /path/to/cron.sh >> /path/to/cron.log 2>&1
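
A variant of the cron.sh above, as an added example that is not part of the original page or of letsencrypt.sh: it reads the three export lines from a separate credentials file, refuses to run unless that file is private to its owner (it holds the Global API Key), and restarts dovecot only when a certificate actually changed. The function names, the credentials-file argument and RESTART_CMD are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page or of letsencrypt.sh.
# Hypothetical names: is_private, certs_fingerprint, renew_and_restart, RESTART_CMD.

# Succeeds only if the file exists and has no group/other permission bits
# (for example mode 600), so the CloudFlare API key is not readable by others.
is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints one checksum covering every fullchain.pem below the given directory.
certs_fingerprint() {
    find "$1" -name fullchain.pem -exec cksum {} + 2>/dev/null | sort | cksum
}

# $1: absolute path to a file holding the three "export CF_..." lines
# $2: absolute path to the letsencrypt.sh checkout
renew_and_restart() {
    creds=$1
    base=$2
    if ! is_private "$creds"; then
        echo "refusing to run: $creds is missing or readable by group/other" >&2
        return 2
    fi
    . "$creds"
    before=$(certs_fingerprint "$base/certs")
    "$base/letsencrypt.sh" --cron --challenge dns-01 \
        --hook "$base/hooks/cloudflare/hook.py" || return 1
    after=$(certs_fingerprint "$base/certs")
    # Restart the mail server only when a certificate actually changed.
    if [ "$before" != "$after" ]; then
        ${RESTART_CMD:-service dovecot restart}
    fi
}

# Run only when called as: cron.sh /path/to/cf-credentials /path/to/letsencrypt.sh
if [ "$#" -eq 2 ]; then
    renew_and_restart "$1" "$2"
fi
```

Run `chmod 600` on the credentials file, then point the crontab entry at this script with the two paths as arguments.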