Certbot not able to complete dns-01 challenge

I am trying to use certbot to generate certs for my domain and store the generated certs in my Vault instance.

certbot certonly -v \
  --authenticator dns-cloudflare \
  --dns-cloudflare-credentials ./cloudflare.ini \
  --email $email_address \
  --vault-addr $vault_url \
  --vault-token $root_token \
  --vault-path secret/certificates \
  -d $domain

Getting the following error message:

Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.1)

Have you checked that your cloudflare.ini uses the token method as shown below? A token is recommended rather than the global key.
https://certbot-dns-cloudflare.readthedocs.io/en/stable/

If so, you are using a relative path name for that ini file. You should probably use an explicit path to ensure it works from other contexts like the renew command in a cronjob or systemd timer.

I am not familiar with the '--vault' options. Those would not cause the error you show. I just wonder where you saw those described and why you think the Cloudflare plugin supports those.

And, what version is your certbot and how did you install it? (pip, apt, snap, ...)
Show:
certbot --version

3 Likes
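
A preflight check for the points raised in the reply above (token versus global key, explicit path to the ini file), plus the file's permissions, as an added example that is not part of the original thread or of certbot. The key names are the ones documented for certbot-dns-cloudflare; the function name `check_cf_ini`, the finding labels and the assumed token character set are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for a certbot-dns-cloudflare credentials file.
# Prints one finding per line; returns 0 when nothing is flagged, else 1.
check_cf_ini() {
    ini=$1
    rc=0
    # A relative path breaks when renewal runs from cron or a systemd timer.
    case $ini in
        /*) ;;
        *) echo "relative-path"; rc=1 ;;
    esac
    [ -r "$ini" ] || { echo "unreadable"; return 1; }
    # Value of the first "key = value" line; spaces and tabs trimmed.
    val() {
        sed -n "s/^[[:blank:]]*$1[[:blank:]]*=[[:blank:]]*//p" "$ini" |
            sed 's/[[:blank:]]*$//' | head -n 1
    }
    token=$(val dns_cloudflare_api_token)
    key=$(val dns_cloudflare_api_key)
    mail=$(val dns_cloudflare_email)
    if [ -n "$token" ]; then
        if [ -n "$key$mail" ]; then echo "token-and-global-key-mixed"; rc=1; fi
        # Assumption: tokens are letters, digits, "_" and "-" only, so a
        # stray space, CR or partial paste is worth a second look.
        case $token in
            *[!A-Za-z0-9_-]*) echo "token-has-unexpected-characters"; rc=1 ;;
        esac
    elif [ -n "$key" ] && [ -n "$mail" ]; then
        echo "global-key-in-use"; rc=1   # works, but a scoped token is preferred
    else
        echo "no-credentials-found"; rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$ini" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group-or-world-accessible"; rc=1; }
    return $rc
}

# Constructed sample: global-key style file, world-readable.
demo=$(mktemp -d)
printf 'dns_cloudflare_email = user@example.com\ndns_cloudflare_api_key = 0123456789abcdef\n' \
    > "$demo/cloudflare.ini"
chmod 644 "$demo/cloudflare.ini"
check_cf_ini "$demo/cloudflare.ini" || true
rm -rf "$demo"
```

An empty result with exit status 0 means the file uses a token, is referenced by an absolute path and is readable only by its owner; it does not confirm that Cloudflare accepts the token.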
