diff --git a/roles/reverse_proxy/tasks/20_xcaddy_install.yml b/roles/reverse_proxy/tasks/20_xcaddy_install.yml
index 645f6d3..0d57625 100644
--- a/roles/reverse_proxy/tasks/20_xcaddy_install.yml
+++ b/roles/reverse_proxy/tasks/20_xcaddy_install.yml
@@ -25,7 +25,7 @@
   become: true
 
 - name: Build Custom Caddy with netcup
-  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup
+  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/cloudflare
   environment:
     PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin"
   register: xcaddy_build
diff --git a/roles/reverse_proxy/templates/Caddyfile.j2 b/roles/reverse_proxy/templates/Caddyfile.j2
index cf82ba2..4c5dbde 100644
--- a/roles/reverse_proxy/templates/Caddyfile.j2
+++ b/roles/reverse_proxy/templates/Caddyfile.j2
@@ -18,10 +18,8 @@
   }
 
 	tls {
-		dns netcup {
-			customer_number {{ netcup_customer_id }}
-			api_key {{ netcup_api_key }}
-			api_password {{ netcup_api_password }}
+		dns cloudflare {
+			api_token {{ cloudflare_api_token }}
 		}
     propagation_timeout 900s
 		propagation_delay 600s
diff --git a/vars/group_vars/all/secrets.yml b/vars/group_vars/all/secrets.yml
index 65a6b06..1aec158 100644
--- a/vars/group_vars/all/secrets.yml
+++ b/vars/group_vars/all/secrets.yml
@@ -1,14 +1,17 @@
 $ANSIBLE_VAULT;1.1;AES256
-39363732646365356438376435333235623762396237353933613036633233623964363662326335
-6135336632653162356336363736333238666531313565390a346539393135633638656565623934
-34333739323264623638623038343433376333646238396164616564646432353835663561366562
-3832323739316235390a663661666334396538656163383838363631666265356334313938373263
-63376537313863653734333565363634383139396131363636366465356461376561353333313136
-32343937363665346662623439303435386631623263663063313862373634396539656130303636
-66623066656162633635643361316335383736333535363562386334663437333335336131616537
-32633331313965353733656439646465616637336637626238653139356661353037623638653434
-33333330303336623434313730373837373366343337343637326161656235663535643666663831
-38343834343234316463626137363763393133643761653532626532633832353266353934646466
-33613830666634393636633130626664323135366666306533613839633234656334396365373135
-61303637376139616366346135353563383331303630613739636137666339363531366165393231
-3334
+33363962303935656231346162373837336438643137333034356635663030376130366335323236
+3862353265376234343163306664313435626237636235310a636230353765613937613265363934
+62653765613133363464343730353335303664343031613232373762666231636336353265663235
+3939393233363330390a323432336438633732653035373738303133633539623930613263316331
+38383366316434336638353066666266323964653864383762343361646132356363303035303931
+34313066336331356539333535303731393630386538336536646466653034663931343934626463
+36326534666362376363336135626466353335616235633961666463396665373862393464633731
+30376337346335333733656262663563303436323831663433363639363332383761326534323532
+34373762303638306531663934663564336565356664636566393537623633346639336263663134
+33633063633331376337376437356334623661616539653464323731613938643563333563353430
+35333431346530383262643031393265303630653337306162663032643764313339383833643363
+36393539336165373836313831663935626234326363646162396539383936623039376636326638
+33343435386332633561346161646338646133303365336630633665366139663634303131306663
+36653933643830303532343861666236613064663665643662663533316362653332343334356463
+39316239633139366633303235643334643135313739613532306265353938396165383735323436
+35646234636265633632
diff --git a/vars/group_vars/all/vars.yml b/vars/group_vars/all/vars.yml
index 88924d0..f994a85 100644
--- a/vars/group_vars/all/vars.yml
+++ b/vars/group_vars/all/vars.yml
@@ -24,3 +24,5 @@ arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
 netcup_api_key: "{{ vault_netcup.api_key }}"
 netcup_api_password: "{{ vault_netcup.api_password }}"
 netcup_customer_id: "{{ vault_netcup.customer_id }}"
+
+cloudflare_api_token: "{{ vault_cloudflare.api_token }}"