Cloudflare API not getting authenticated by LetsEncrypt on Home Assistant

This is my LetsEncrypt log. The error I am getting has been marked in bold letters.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[10:35:28] INFO: Selected DNS Provider: dns-cloudflare
[10:35:28] INFO: Use propagation seconds: 60
[10:35:29] INFO: Use CloudFlare token
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for home.agrahost.com and *.home.agrahost.com
Encountered CloudFlareAPIError adding TXT record: 10000 Authentication error
Error communicating with the Cloudflare API: Authentication error
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Are you using dns_cloudflare_api_token or dns_cloudflare_api_key?

If an API Token, can you show us what permissions you have enabled for the token?

Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation has some advice about your authentication options for Cloudflare.

3 Likes

Here is my LetsEncrypt config

domains:
  - home.agrahost.com
email: my-email
keyfile: config/privkey.pem
certfile: config/certificate.pem
challenge: dns
dns:
  provider: dns-cloudflare
  cloudflare_api_token: mytoken

Token Permissions -

Letsencrypt API token summary

This API token will affect the below accounts and zones, along with their respective permissions

  • All accounts - Access: Mutual TLS Certificates:Read
  • My Account
    • All zones - Zone Settings:Edit

The token must have the DNS:Edit permission.

That is different to Zone Settings:Edit.

4 Likes
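
To see at which API call a token like the one above is refused, here is a read-only preflight, added as an example and not code from this thread, certbot or the add-on. It assumes the Cloudflare v4 endpoints `/user/tokens/verify`, `/zones` and `/zones/{id}/dns_records`; the replies in `constructed_get`, the token and the zone name are constructed placeholders.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def cf_get(path, token):
    """GET a Cloudflare v4 endpoint with a Bearer token and return the JSON envelope."""
    req = urllib.request.Request(API + path, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        return json.load(exc)  # 4xx replies still carry {"success": false, "errors": [...]}

def preflight(token, zone_name, get=cf_get):
    """Run read-only checks in order; return [(step, ok, detail)], stopping at the first failure."""
    zone_q = "/zones?name=" + urllib.parse.quote(zone_name)
    steps = [("token valid", lambda _: "/user/tokens/verify"),
             ("zone visible", lambda _: zone_q),
             ("DNS records readable", lambda zid: f"/zones/{zid}/dns_records?type=TXT")]
    results, zone_id = [], None
    for name, path_for in steps:
        body = get(path_for(zone_id), token)
        errors = "; ".join(f"{e.get('code')} {e.get('message')}" for e in body.get("errors") or [])
        ok = bool(body.get("success"))
        if ok and name == "zone visible":
            if body.get("result"):
                zone_id = body["result"][0]["id"]
            else:  # success with an empty list: the token's resources do not include this zone
                ok, errors = False, "zone not visible to this token"
        results.append((name, ok, errors or "ok"))
        if not ok:
            break
    return results

def constructed_get(path, token):
    """Constructed replies (not captured traffic): a live token whose DNS calls are refused."""
    if path == "/user/tokens/verify":
        return {"success": True, "errors": [], "result": {"status": "active"}}
    if path.startswith("/zones?name="):
        return {"success": True, "errors": [], "result": [{"id": "ZONE_ID_PLACEHOLDER"}]}
    return {"success": False, "errors": [{"code": 10000, "message": "Authentication error"}]}

if __name__ == "__main__":
    # Swap get=constructed_get for the default cf_get to test a real token against a real zone.
    for name, ok, detail in preflight("TOKEN_PLACEHOLDER", "example.com", get=constructed_get):
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {detail}")
```

A pass on the last step shows only that the token can read DNS records; the DNS challenge writes a TXT record, so the token still needs DNS:Edit as stated above.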

Success! Thank You! However, now I am facing another issue

Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Please show:
certbot certificates

2 Likes

The HA instance is running as a virtualbox VM on a dedicated Windows 10 machine. Not sure how to access the underlying os commandline.

RTFM to be sure.
But, I'd say SSH [PuTTY] might be able to do the trick.

2 Likes

Into Windows?

Anyway, I don't have any clue about Windows, so signing off here :wave:t2:

2 Likes

Windows simply provides the HyperVisor.
The actual VM might be Linux.

2 Likes

Oh, hm, I misinterpreted the post. I read it as it was Windows 10 running inside the VM :rofl: Which doesn't make much sense for running HA so I was puzzled. But not puzzled enough to think any further :slightly_frowning_face:

3 Likes
