Certbot plugin (for Cloudflare) balks with erro "Unable to determine zone id"

Hi there,

Context. I'm on Linux Mint (Cinnamon). I have installed certbot and the cloudflare specific plugin to allow it to alter my DNS records and supply a SSL certificate. The command i'm running is this:

certbot -v certonly
--dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini
--dns-cloudflare-propagation-seconds 120
-d a1-typing-serivces.co.uk
-d *.a1-typing-services.co.uk

The full error, when running certbot, to obtain a new SSL Certificate is as follows:

Unable to determine zone_id for using zone names: ['a1-typing-services.co.uk', 'co.uk', ‘uk’]. Please confirm that the domain name has been entered correctly and is already associated with the supplied Cloudflare account.

But the domain is correct, and the domain is associated with my cloudflare account.

When I test my API token, as follows, the results seem to suggest that my API Token is fine:

curl -X GET “[cloudflare/client/v4/user/tokens/verify]” -H “Authorization: Bearer …[REDACTED]…” -H “Content-Type:application/json”

Where [REDACTED] is my DNS Editing API Token.

I get this result:

{“result”:{“id”:“c5735454d5......8e7aa24eb2”,“status”:“active”,“not_before”:“2023-08-29T00:00:00Z”,“expires_on”:“2033-08-28T23:59:59Z”},“success”:true,“errors”:,“messages”:[{“code”:10000,“message”:“This API Token is valid and active”,“type”:null}]}

Notice the bit that says: “This API Token is valid and active”

But the zone_id is known to my account. I can see it there, in my cloudflare account, in the “overview” page, above my account ID.

If anyone has a clue what’s going wrong. Please share your wisdom.
Thanks for your help :slight_smile:

1 Like

that topic will be better handled at community.cloudflare.com


Did you perhaps make a typo in the domain name?

Because the .co.uk zone appears to think thatdomain does not exist at all:


The domain with the correct spelling of "services" does seem to be associated with Cloudflare:


So looks like a typo to me :slight_smile:

Hmm, looks like the error produced actually had a problem with the correct spelling? Why wouldn't it complain about the incorrect spelling? Weird..


Something is out-of-alignment:

nslookup -q=ns a1-typing-services.co.uk dns4.nic.uk
a1-typing-services.co.uk        nameserver = fonzie.ns.cloudflare.com
a1-typing-services.co.uk        nameserver = malavika.ns.cloudflare.com



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.