diff --git a/defaults/main.yml b/defaults/main.yml
index 3f29db0..662a8c7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -40,6 +40,9 @@ certbot_create_command: >-
 {{ '--webroot-path ' if certbot_create_method == 'webroot' else '' }}
 {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }}
 {{ certbot_create_extra_args }}
+ {{ '--dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini'
+ if certbot_create_method == 'dns-cloudflare'
+ else '' }}
 --cert-name {{ cert_item_name }}
 -d {{ cert_item.domains | join(',') }}
 {{ '--expand' if certbot_expand else '' }}
@@ -58,6 +61,8 @@ certbot_create_standalone_stop_services:
 # - apache
 # - varnish
+certbot_dns_cloudflare_api_token: fakeone
+
 # Available options: 'package', 'snap', 'source'.
 certbot_install_method: 'package'
diff --git a/tasks/create-cert-dns-cloudflare.yml b/tasks/create-cert-dns-cloudflare.yml
new file mode 100644
index 0000000..6fd7218
--- /dev/null
+++ b/tasks/create-cert-dns-cloudflare.yml
@@ -0,0 +1,15 @@
+---
+- name: Determine certificate name
+ set_fact:
+ cert_item_name: "{{ cert_item.name | default(cert_item.domains | first | replace('*.', '')) }}"
+
+- name: Check if certificate already exists.
+ stat:
+ path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
+ register: letsencrypt_cert
+ become: true
+
+- name: Generate new certificate if one doesn't exist.
+ command: "{{ certbot_create_command }}"
+ when: not letsencrypt_cert.stat.exists
+ become: true
diff --git a/tasks/install-with-package.yml b/tasks/install-with-package.yml
index aec074c..cf5851e 100644
--- a/tasks/install-with-package.yml
+++ b/tasks/install-with-package.yml
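Review bot: The credentials path `/etc/letsencrypt/dnscloudflare.ini` is hard-coded in the new `--dns-cloudflare-credentials` fragment and again as the `dest:` of the template task in tasks/main.yml, so the two can drift apart without any error until certbot fails to find the file. Define it once in this defaults file, `certbot_dns_cloudflare_credentials_file: /etc/letsencrypt/dnscloudflare.ini`, and reference it here as `{{ '--dns-cloudflare-credentials ' ~ certbot_dns_cloudflare_credentials_file if certbot_create_method == 'dns-cloudflare' else '' }}` and in the `dest:` of the template task. The rest of `certbot_create_command` lies outside the hunk.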
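Review bot: `certbot_dns_cloudflare_api_token: fakeone` ships a placeholder credential as the role default, so a deployment that forgets to override it renders `fakeone` into the credentials file and only fails later, inside certbot, with a Cloudflare authentication error that points nowhere near the real cause. Prefer an empty, quoted default with a comment on how to supply the value, `certbot_dns_cloudflare_api_token: ''  # Required when certbot_create_method is 'dns-cloudflare'; supply via Ansible Vault.`, and fail early with an `assert` that the variable is non-empty before the template task runs. As a point of style, the neighbouring `certbot_install_method: 'package'` quotes its string value while this one is a plain scalar.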
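Review bot: `cert_item_name` is computed from `cert_item.name | default(...)` in the first task, but the existence check in the second task builds its `stat` path from `cert_item.domains | first | replace('*.', '')` instead, so a certificate item with an explicit `name` is looked up under the wrong `/etc/letsencrypt/live/` directory and the certbot command re-runs on every play. Use the name the command itself uses: `path: /etc/letsencrypt/live/{{ cert_item_name }}/cert.pem`. The `command` task will always report changed when it runs, which is fine here since it is gated on the file being absent.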
@@ -4,6 +4,16 @@
 name: "{{ certbot_package }}"
 state: present
+- name: Install Certbot dependencies.
+ package:
+ name: "{{ cert_item }}"
+ state: present
+ when:
+ - certbot_create_method in certbot_create_packages
+ loop: "{{ certbot_create_packages[certbot_create_method] }}"
+ loop_control:
+ loop_var: cert_item
+
 - name: Set Certbot script variable.
 set_fact:
 certbot_script: "{{ certbot_package }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 894143c..219e92e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -13,6 +13,17 @@
 - import_tasks: install-from-source.yml
 when: certbot_install_method == 'source'
+- name: Cloudflare API token
+ ansible.builtin.template:
+ src: dnscloudflare.ini.j2
+ dest: "/etc/letsencrypt/dnscloudflare.ini"
+ owner: root
+ group: root
+ mode: '0600'
+ when:
+ - certbot_create_method == 'dns-cloudflare'
+ become: true
+
 - include_tasks: create-cert-standalone.yml
 with_items: "{{ certbot_certs }}"
 when:
@@ -29,5 +40,13 @@
 loop_control:
 loop_var: cert_item
+- include_tasks: create-cert-dns-cloudflare.yml
+ with_items: "{{ certbot_certs }}"
+ when:
+ - certbot_create_if_missing
+ - certbot_create_method == 'dns-cloudflare'
+ loop_control:
+ loop_var: cert_item
+
 - import_tasks: renew-cron.yml
 when: certbot_auto_renew
diff --git a/templates/dnscloudflare.ini.j2 b/templates/dnscloudflare.ini.j2
new file mode 100644
index 0000000..9d87495
--- /dev/null
+++ b/templates/dnscloudflare.ini.j2
@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{ certbot_dns_cloudflare_api_token }}
diff --git a/vars/default.yml b/vars/default.yml
index d88f2dc..e394f90 100644
--- a/vars/default.yml
+++ b/vars/default.yml
@@ -1,2 +1,5 @@
 ---
 certbot_package: certbot
+certbot_create_packages:
+ 'dns-cloudflare':
+ - python3-certbot-dns-cloudflare
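Review bot: `loop_var: cert_item` in the new dependency-install task reuses the variable name the rest of this change uses for certificate items (`cert_item.domains`, `cert_item.name` in tasks/create-cert-dns-cloudflare.yml), which misleads readers and would shadow an outer `cert_item` if this file were ever included from a certificate loop; name it for what it holds, `loop_var: certbot_dependency_package`, with `name: "{{ certbot_dependency_package }}"`. Separately, `certbot_create_method in certbot_create_packages` raises an undefined-variable error rather than evaluating to false on any host where `certbot_create_packages` is not set; the diff adds it only to vars/default.yml, and whether every host loads that file is not visible here, so guard it with `- certbot_create_method in (certbot_create_packages | default({}))`.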
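Review bot: The new template task writes the Cloudflare API token into `/etc/letsencrypt/dnscloudflare.ini`, and when the play runs with `--diff` Ansible prints the rendered file content, so the token lands in console output and CI logs; add `diff: false` (or `no_log: true`) to the task. The root-owned `0600` mode is the right choice, since certbot's DNS plugins warn when the credentials file is readable by others. The task name `Cloudflare API token` also breaks with the surrounding convention of action-style names ending in a period; `- name: Write Cloudflare DNS credentials file.` reads better. The same file's second hunk is consistent with the existing standalone include and needs no change.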
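Review bot: The template renders whatever `certbot_dns_cloudflare_api_token` holds, including an empty string, so a missing override is only discovered when certbot fails at run time; failing at render time is clearer: `dns_cloudflare_api_token = {{ certbot_dns_cloudflare_api_token | mandatory }}`. A leading `# {{ ansible_managed }}` comment line would also tell anyone editing the file by hand on the host that the role will overwrite it.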
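Review bot: `certbot_create_packages` is consumed by the new loop in tasks/install-with-package.yml, but nothing in vars/default.yml documents the mapping's shape or who reads it; add `# Extra OS packages required per certbot_create_method (used by install-with-package.yml).` above it. `python3-certbot-dns-cloudflare` is the Debian/Ubuntu package name; if this vars file also serves as the fallback for other OS families (not visible in the diff), confirm the name resolves there as well.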