Cloudflare DNS: Failed to find zone #313

Closed
pinecat opened this issue Jul 20, 2023 · 1 comment

pinecat commented Jul 20, 2023

Description of problem

Hello, I am trying to issue a letsencrypt certificate for an application running on my Dokku instance. After installing this plugin, I set my DNS provider to Cloudflare, and set the DNS API token (this particular token has access to all zones on my account).

dokku letsencrypt:set --global dns-provider cloudflare
dokku letsencrypt:set --global dns-provider-CLOUDFLARE_DNS_API_TOKEN 'xxx'

Then, I run the command dokku letsencrypt:enable myapp. The command continues to fail with:

[myapp.example.net] [myapp.example.net] acme: error presenting token: cloudflare: failed to find zone net.: zone could not be found

How reproducible

Happens every time I run the dokku letsencrypt:enable myapp command.

Additional info

I have an actual, registered domain I am using for the app. The domain is not actually example.net; however, I am using a .net domain.

Actual Results

=====> Enabling letsencrypt for myapp
-----> Enabling ACME proxy for myapp...
-----> Getting letsencrypt certificate for myapp via DNS-01
        - Domain 'myapp.example.net'
2023/07/20 05:42:36 [INFO] [myapp.example.net] acme: Obtaining bundled SAN certificate
2023/07/20 05:42:37 [INFO] [myapp.example.net] AuthURL: <<redacted>>
2023/07/20 05:42:37 [INFO] [myapp.example.net] acme: Could not find solver for: tls-alpn-01
2023/07/20 05:42:37 [INFO] [myapp.example.net] acme: Could not find solver for: http-01
2023/07/20 05:42:37 [INFO] [myapp.example.net] acme: use dns-01 solver
2023/07/20 05:42:37 [INFO] [myapp.example.net] acme: Preparing to solve DNS-01
2023/07/20 05:42:37 [INFO] [myapp.example.net] acme: Cleaning DNS-01 challenge
2023/07/20 05:42:37 [WARN] [myapp.example.net] acme: cleaning up failed: cloudflare: failed to find zone net.: zone could not be found
2023/07/20 05:42:37 [INFO] Deactivating auth: <<redacted>>
2023/07/20 05:42:37 Could not obtain certificates:
	error: one or more domains had a problem:
[myapp.example.net] [myapp.example.net] acme: error presenting token: cloudflare: failed to find zone net.: zone could not be found
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for myapp...
 !     Failed to setup letsencrypt
 !     Check log output for further information on failure

Expected Results

Expected to get a letsencrypt certificate for my app.

Environment Information

  • Debian 12
  • Dokku 0.30.9
  • Installed letsencrypt plugin on July 18, 2023

dokku report myapp output

-----> uname: Linux cali 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.37-1 (2023-07-03) x86_64 GNU/Linux
-----> memory:
                      total        used        free      shared  buff/cache   available
       Mem:           15990         895        9982           0        5442       15094
       Swap:            975           0         975
-----> docker version:
       Client: Docker Engine - Community
        Version:           24.0.4
        API version:       1.43
        Go version:        go1.20.5
        Git commit:        3713ee1
        Built:             Fri Jul  7 14:51:00 2023
        OS/Arch:           linux/amd64
        Context:           default

       Server: Docker Engine - Community
        Engine:
         Version:          24.0.4
         API version:      1.43 (minimum version 1.12)
         Go version:       go1.20.5
         Git commit:       4ffc614
         Built:            Fri Jul  7 14:51:00 2023
         OS/Arch:          linux/amd64
         Experimental:     false
        containerd:
         Version:          1.6.21
         GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
        runc:
         Version:          1.1.7
         GitCommit:        v1.1.7-0-g860f061
        docker-init:
         Version:          0.19.0
         GitCommit:        de40ad0
-----> docker daemon info:
       Client: Docker Engine - Community
        Version:    24.0.4
        Context:    default
        Debug Mode: true
        Plugins:
         buildx: Docker Buildx (Docker Inc.)
           Version:  v0.11.1
           Path:     /usr/libexec/docker/cli-plugins/docker-buildx
         compose: Docker Compose (Docker Inc.)
           Version:  v2.19.1
           Path:     /usr/libexec/docker/cli-plugins/docker-compose

       Server:
        Containers: 4
         Running: 2
         Paused: 0
         Stopped: 2
        Images: 11
        Server Version: 24.0.4
        Storage Driver: overlay2
         Backing Filesystem: extfs
         Supports d_type: true
         Using metacopy: false
         Native Overlay Diff: true
         userxattr: false
        Logging Driver: json-file
        Cgroup Driver: systemd
        Cgroup Version: 2
        Plugins:
         Volume: local
         Network: bridge host ipvlan macvlan null overlay
         Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
        Swarm: inactive
        Runtimes: io.containerd.runc.v2 runc
        Default Runtime: runc
        Init Binary: docker-init
        containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
        runc version: v1.1.7-0-g860f061
        init version: de40ad0
        Security Options:
         apparmor
         seccomp
          Profile: builtin
         cgroupns
        Kernel Version: 6.1.0-10-amd64
        Operating System: Debian GNU/Linux 12 (bookworm)
        OSType: linux
        Architecture: x86_64
        CPUs: 16
        Total Memory: 15.62GiB
        Name: cali
        ID: 0822b997-e6f5-45a6-9283-9b96766cd039
        Docker Root Dir: /var/lib/docker
        Debug Mode: false
         File Descriptors: 40
         Goroutines: 44
         System Time: 2023-07-19T23:56:43.884672931-06:00
         EventsListeners: 0
        Experimental: false
        Insecure Registries:
         127.0.0.0/8
        Live Restore Enabled: false

-----> git version: git version 2.39.2
-----> sigil version: 0.9.0build+bc921b7
-----> herokuish version:
       herokuish: v0.6.0
       buildpacks:
         heroku-buildpack-multi     v1.2.0
         heroku-buildpack-ruby      v254
         heroku-buildpack-nodejs    v213
         heroku-buildpack-clojure   v90
         heroku-buildpack-python    v232
         heroku-buildpack-java      v72
         heroku-buildpack-gradle    v39
         heroku-buildpack-scala     v96
         heroku-buildpack-play      v26
         heroku-buildpack-php       v234
         heroku-buildpack-go        v174
         heroku-buildpack-nginx     v23
         buildpack-null             v3
-----> dokku version: dokku version 0.30.9
-----> plugn version: plugn: 0.12.0build+3a27594
-----> dokku plugins:
         00_dokku-standard    0.30.9 enabled    dokku core standard plugin
         20_events            0.30.9 enabled    dokku core events logging plugin
         app-json             0.30.9 enabled    dokku core app-json plugin
         apps                 0.30.9 enabled    dokku core apps plugin
         builder              0.30.9 enabled    dokku core builder plugin
         builder-dockerfile   0.30.9 enabled    dokku core builder-dockerfile plugin
         builder-herokuish    0.30.9 enabled    dokku core builder-herokuish plugin
         builder-lambda       0.30.9 enabled    dokku core builder-lambda plugin
         builder-null         0.30.9 enabled    dokku core builder-null plugin
         builder-pack         0.30.9 enabled    dokku core builder-pack plugin
         buildpacks           0.30.9 enabled    dokku core buildpacks plugin
         caddy-vhosts         0.30.9 enabled    dokku core caddy-vhosts plugin
         certs                0.30.9 enabled    dokku core certificate management plugin
         checks               0.30.9 enabled    dokku core checks plugin
         common               0.30.9 enabled    dokku core common plugin
         config               0.30.9 enabled    dokku core config plugin
         cron                 0.30.9 enabled    dokku core cron plugin
         docker-options       0.30.9 enabled    dokku core docker-options plugin
         domains              0.30.9 enabled    dokku core domains plugin
         enter                0.30.9 enabled    dokku core enter plugin
         git                  0.30.9 enabled    dokku core git plugin
         haproxy-vhosts       0.30.9 enabled    dokku core haproxy-vhosts plugin
         letsencrypt          0.20.1 enabled    Automated installation of let's encrypt TLS certificates
         logs                 0.30.9 enabled    dokku core logs plugin
         network              0.30.9 enabled    dokku core network plugin
         nginx-vhosts         0.30.9 enabled    dokku core nginx-vhosts plugin
         plugin               0.30.9 enabled    dokku core plugin plugin
         proxy                0.30.9 enabled    dokku core proxy plugin
         ps                   0.30.9 enabled    dokku core ps plugin
         registry             0.30.9 enabled    dokku core registry plugin
         repo                 0.30.9 enabled    dokku core repo plugin
         resource             0.30.9 enabled    dokku core resource plugin
         run                  0.30.9 enabled    dokku core run plugin
         scheduler            0.30.9 enabled    dokku core scheduler plugin
         scheduler-docker-local 0.30.9 enabled    dokku core scheduler-docker-local plugin
         scheduler-null       0.30.9 enabled    dokku core scheduler-null plugin
         shell                0.30.9 enabled    dokku core shell plugin
         ssh-keys             0.30.9 enabled    dokku core ssh-keys plugin
         storage              0.30.9 enabled    dokku core storage plugin
         trace                0.30.9 enabled    dokku core trace plugin
         traefik-vhosts       0.30.9 enabled    dokku core traefik-vhosts plugin
=====> myapp app-json information
       App json computed selected:    app.json
       App json global selected:      app.json
       App json selected:
=====> myapp app information
       App created at:                1689832485
       App deploy source:             git-push
       App deploy source metadata:    e9965b3b6450055ce3b692d81861b3b1c0a31844
       App dir:                       /home/dokku/myapp
       App locked:                    false
=====> myapp builder information
       Builder build dir:
       Builder computed build dir:
       Builder computed selected:
       Builder global build dir:
       Builder global selected:
       Builder selected:
=====> myapp builder-dockerfile information
       Builder dockerfile computed dockerfile path: Dockerfile
       Builder dockerfile global dockerfile path: Dockerfile
       Builder dockerfile dockerfile path:
=====> myapp builder-herokuish information
       Builder herokuish computed allowed: true
       Builder herokuish global allowed: true
       Builder herokuish allowed:
=====> myapp builder-lambda information
       Builder lambda computed lambdayml path: lambda.yml
       Builder lambda global lambdayml path: lambda.yml
       Builder lambda lambdayml path:
=====> myapp builder-pack information
       Builder pack computed projecttoml path: project.toml
       Builder pack global projecttoml path: project.toml
       Builder pack projecttoml path:
=====> myapp buildpacks information
       Buildpacks computed stack:     gliderlabs/herokuish:latest-20
       Buildpacks global stack:
       Buildpacks list:
       Buildpacks stack:
=====> myapp caddy information
       Caddy image:                   lucaslorentz/caddy-docker-proxy:2.7
       Caddy letsencrypt email:
       Caddy letsencrypt server:      https://acme-v02.api.letsencrypt.org/directory
       Caddy log level:               ERROR
       Caddy polling interval:        5s
       Caddy tls internal:            false
=====> myapp ssl information
       Ssl dir:                       /home/dokku/myapp/tls
       Ssl enabled:                   false
       Ssl hostnames:
       Ssl expires at:
       Ssl issuer:
       Ssl starts at:
       Ssl subject:
       Ssl verified:
=====> myapp checks information
       Checks disabled list:          none
       Checks skipped list:           none
       Checks computed wait to retire: 60
       Checks global wait to retire:  60
       Checks wait to retire:
=====> myapp cron information
       Cron task count:               0
=====> myapp docker options information
       Docker options build:
       Docker options deploy:         --restart=on-failure:10
       Docker options run:
=====> myapp domains information
       Domains app enabled:           true
       Domains app vhosts:            myapp.example.net
       Domains global enabled:        true
       Domains global vhosts:         example.net
=====> myapp git information
       Git deploy branch:             master
       Git global deploy branch:      master
       Git keep git dir:              false
       Git rev env var:               GIT_REV
       Git sha:                       e9965b3
       Git source image:
       Git last updated at:           1689832567
=====> myapp haproxy information
       Haproxy image:                 byjg/easy-haproxy:4.3.0
       Haproxy letsencrypt email:
       Haproxy letsencrypt server:    https://acme-v02.api.letsencrypt.org/directory
       Haproxy log level:             ERROR
Could not open file or uri for loading certificate from /home/dokku/myapp/tls/server.crt
40F7CACA8B7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40F7CACA8B7F0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(/home/dokku/myapp/tls/server.crt)
Unable to load certificate
=====> myapp letsencrypt information
       Letsencrypt active:            false
       Letsencrypt autorenew:         false
       Letsencrypt computed dns provider: cloudflare
       Letsencrypt global dns provider: cloudflare
       Letsencrypt dns provider:
       Letsencrypt computed email:    me@example.net
       Letsencrypt global email:      me@example.net
       Letsencrypt email:
       Letsencrypt expiration:        1689811200
       Letsencrypt computed graceperiod: 2592000
       Letsencrypt global graceperiod:
       Letsencrypt graceperiod:
       Letsencrypt computed lego docker args:
       Letsencrypt global lego docker args:
       Letsencrypt lego docker args:
       Letsencrypt computed server:   https://acme-v02.api.letsencrypt.org/directory
       Letsencrypt global server:
       Letsencrypt server:
=====> myapp logs information
       Logs computed max size:        10m
       Logs global max size:          10m
       Logs global vector sink:
       Logs max size:
       Logs vector sink:
=====> myapp network information
       Network attach post create:
       Network attach post deploy:
       Network bind all interfaces:          false
       Network computed attach post create:
       Network computed attach post deploy:
       Network computed bind all interfaces: false
       Network computed initial network:
       Network computed tld:
       Network global attach post create:
       Network global attach post deploy:
       Network global bind all interfaces:   false
       Network global initial network:
       Network global tld:
       Network initial network:
       Network static web listener:
       Network tld:
       Network web listeners:                172.17.0.2:5000
=====> myapp nginx information
       Nginx access log format:
       Nginx access log path:         /var/log/nginx/myapp-access.log
       Nginx bind address ipv4:
       Nginx bind address ipv6:       ::
       Nginx client max body size:
       Nginx disable custom config:   false
       Nginx error log path:          /var/log/nginx/myapp-error.log
       Nginx global hsts:             true
       Nginx computed hsts:           true
       Nginx hsts:
       Nginx hsts include subdomains: true
       Nginx hsts max age:            15724800
       Nginx hsts preload:            false
       Nginx computed nginx conf sigil path: nginx.conf.sigil
       Nginx global nginx conf sigil path: nginx.conf.sigil
       Nginx nginx conf sigil path:
       Nginx proxy buffer size:       4096
       Nginx proxy buffering:         on
       Nginx proxy buffers:           8 4096
       Nginx proxy busy buffers size: 8192
       Nginx proxy read timeout:      60s
       Nginx last visited at:         1689832577
       Nginx x forwarded for value:   $remote_addr
       Nginx x forwarded port value:  $server_port
       Nginx x forwarded proto value: $scheme
       Nginx x forwarded ssl:
=====> myapp proxy information
       Proxy enabled:                 true
       Proxy port map:                http:80:5000
       Proxy type:                    nginx
=====> myapp ps information
       Deployed:                      true
       Processes:                     1
       Ps can scale:                  true
       Ps computed procfile path:     Procfile
       Ps global procfile path:       Procfile
       Ps procfile path:
       Ps restart policy:             on-failure:10
       Restore:                       true
       Running:                       true
       Status web 1:                  running (CID: 0fd2c3e5fb9)
=====> myapp registry information
       Registry computed image repo:      dokku/myapp
       Registry computed push on release: false
       Registry computed server:
       Registry global push on release:
       Registry global server:
       Registry image repo:
       Registry push on release:
       Registry server:
       Registry tag version:
=====> myapp resource information
=====> myapp scheduler information
       Scheduler computed selected:   docker-local
       Scheduler global selected:     docker-local
       Scheduler selected:
=====> myapp scheduler-docker-local information
       Scheduler docker local disable chown:
       Scheduler docker local init process: true
       Scheduler docker local parallel schedule count:
=====> myapp storage information
       Storage build mounts:
       Storage deploy mounts:
       Storage run mounts:
=====> myapp traefik information
       Traefik api enabled:           false
       Traefik api vhost:             traefik.dokku.me
       Traefik basic auth password:
       Traefik basic auth username:
       Traefik dashboard enabled:     false
       Traefik image:                 traefik:v2.8
       Traefik letsencrypt email:
       Traefik letsencrypt server:    https://acme-v02.api.letsencrypt.org/directory
       Traefik log level:             ERROR
       Traefik priority:

How (deb/make) and where (AWS, VirtualBox, physical, etc.) was Dokku installed?:

Running in a virtual machine on my Proxmox server.

Any help with this issue is very much appreciated, thank you!

pinecat commented Jul 30, 2023

Hello,

I had a chance to do a full re-install this weekend (OS, Dokku, plugins), and everything seems to be working now. None of my networking has changed, and I don't believe I set anything up differently than before, but hopefully things will stay working. If anyone else runs into this issue, I'm happy to try and offer some guidance.

pinecat closed this as completed Jul 30, 2023