Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: nebulonenergy.org
I ran this command:
sudo certbot certonly -v --dns-digitalocean --dns-digitalocean-credentials ~/.certbot/certbot-creds.ini -d nebulonenergy.org -d \*.nebulonenergy.org --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-digitalocean, Installer None
Cannot extract OCSP URI from /etc/letsencrypt/archive/nebulonenergy.org/cert7.pem
Certificate not due for renewal, but simulating renewal for dry run
Simulating renewal of an existing certificate for nebulonenergy.org and *.nebulonenergy.org
Performing the following challenges:
dns-01 challenge for nebulonenergy.org
dns-01 challenge for nebulonenergy.org
Cleaning up challenges
Error finding domain using the DigitalOcean API: Unable to authenticate you (Did you provide a valid API token?)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
/var/log/letsencrypt/letsencrypt.log contents:
2026-06-09 16:56:22,903:DEBUG:certbot._internal.main:certbot version: 2.9.0
...snipped....
2026-06-09 16:56:23,479:DEBUG:urllib3.connectionpool:https://api.digitalocean.com:443 "GET /v2/domains/?per_page=200 HTTP/1.1" 401 64
2026-06-09 16:56:23,480:DEBUG:certbot_dns_digitalocean._internal.dns_digitalocean:Error finding domain using the DigitalOcean API: Unable to authenticate you
...snipped...
Ran the following Curl command where $FOO is my newly created API token (full control)
curl -X GET -H "Authorization: Bearer $FOO" https://digitalocean.com
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
My web server is (include version): apache 2.4
The operating system my web server runs on is (include version):
Ubuntu 24.04
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0
Question: without resorting to proxies and proxychains, how can I keep cloudflare from blocking my attempt to renew the certificate. Thanks.