Cloudflare limited scoped API tokens unable to find zone id (possible regression?) #8733
Comments
This works okay for me on the latest snap:
I tested with the most narrow scope, just Could you check whether maybe you are being affected by this behavior: https://requests.readthedocs.io/en/master/user/authentication/#netrc-authentication? |
Hmm, ok I have an idea what it might be. I think I was trying to generate a wildcard certificate for sub1.example.com while at the same time having an NS record set up for sub1.example.com in the Cloudflare settings. I will investigate further. |
Anything new here? I think I got the same issue. I am trying to set up a haproxy via docker with certbot.

Setup for certbot:

pip install certbot certbot-dns-cloudflare cloudflare
certbot certonly \
  -n --agree-tos --email michael@example.com \
  --staging \
  --non-interactive \
  --test-cert \
  --dns-cloudflare \
  --dns-cloudflare-credentials /usr/local/etc/haproxy/cloudflare.ini \
  --config-dir /usr/local/etc/haproxy/certbot/config/ \
  --work-dir /usr/local/etc/haproxy/certbot/workdir/ \
  --logs-dir /usr/local/etc/haproxy/certbot/logs/ \
  -d example.com \
  -d www.example.com

Yet if I call

edit: Forgot the versions:

certbot==1.17.0
certbot-dns-cloudflare==1.17.0
cloudflare==2.8.15 |
use dns_cloudflare_api_token instead of dns_cloudflare_api_key in your cloudflare.ini |
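An added example, not part of the thread or of Certbot's own code: a Python check for the credentials file that applies the naming advice in the comment above, plus file permissions and the token-versus-key combinations. The function names, finding messages and sample values are constructed for illustration; only the three `dns_cloudflare_*` setting names are the plugin's, and the flat `name = value` parser is a simplification.

```python
import os
import stat
import tempfile

TOKEN = "dns_cloudflare_api_token"   # scoped API token
KEY = "dns_cloudflare_api_key"       # Global API Key (needs EMAIL as well)
EMAIL = "dns_cloudflare_email"

def parse_ini(text):
    """Parse flat 'name = value' lines; lines starting with '#' are comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        values[name.strip()] = value.strip()
    return values

def lint_credentials(path):
    """Return a list of findings for a certbot-dns-cloudflare credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the secret
        findings.append(f"mode {mode:o} lets group/other access the secret; use 600")
    with open(path, encoding="utf-8") as fh:
        cfg = parse_ini(fh.read())
    for name in sorted(set(cfg) - {TOKEN, KEY, EMAIL}):
        findings.append(f"unrecognised setting {name!r} (typo?)")
    if cfg.get(TOKEN):
        if cfg.get(KEY) or cfg.get(EMAIL):
            findings.append("token set together with email/api_key; keep only the token")
    elif cfg.get(KEY) and cfg.get(EMAIL):
        findings.append("Global API Key in use; a scoped token limits exposure")
    elif cfg.get(KEY):
        findings.append(f"{KEY} without {EMAIL}; a token belongs under {TOKEN}")
    else:
        findings.append(f"no usable credential; set {TOKEN}")
    return findings

def lint_text(text, mode=0o600):
    """Demo helper: write constructed content to a temp file (POSIX) and lint it."""
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as fh:
        fh.write(text)
    os.chmod(fh.name, mode)
    try:
        return lint_credentials(fh.name)
    finally:
        os.unlink(fh.name)
```

Run `lint_credentials` against the file passed to `--dns-cloudflare-credentials`; an empty list means a token-only file that is readable by its owner alone.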
Getting this same issue using the certbot/dns-cloudflare docker image.
Using a global API key + email works fine but changing to an api token (verified as working many times) just throws this same error. Tried with both the latest build and the nightly. Actual command being run:
And /cloudflare.ini format:
|
This just happened to me too. Only working with Global API Key. Ideas why? |
For me the issue turned out to be the naming of Some of my testing here: https://github.com/snk-nick/certbot-cf-dns Hope that helps. |
If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.
My operating system is (include version):
Ubuntu 20.04.2 LTS
I installed Certbot with (certbot-auto, OS package manager, pip, etc):
snap
I ran this command and it produced this output:
Certbot's behavior differed from what I expected because:
This seems to be a regression of the issue discussed in #7893. I have tried API keys with the following variants of permissions:
And I still get the same error every time.
Here is a Certbot log showing the issue (if available):
Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:
N/A - Only running certbot without any webserver for DNS validation.