Cloudflare Certbot fails to create certs

My domain is:,

I ran this command: sudo certbot certonly --dns-cloudflare --dns-cloudflare-propagation-seconds 60 --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d,*,,* --preferred-challenges dns-01

It produced this output: Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.8.14)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Self hosted

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot version 1.21.0

My certbot host is running the latest Ubuntu Server LTS 22.04.1. I host all of my domains in cloudflare and I use them internally and use certbot as a way to create certs signed by cloudflare for that.

letsencrypt log.txt (286.9 KB)

Based on Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation are you using the API token method or API key method?


I used API tokens to setup my certbot server

Your API token needs to be set up like this:

then your credentials file (/root/.secrets/cloudflare.ini) needs to look like this (do not include _email or _api_key!):

dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567

Make sure also you don't have a .cloudflare.cfg, ~/.cloudflare.cfg, or ~/.cloudflare/cloudflare.cfg file anywhere, because those will override your settings.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.