Cloudflare certbot renew from conf file inoperative

We have been trying to renew certs via certbot and cloudflare DNS. Although command-line execution works fine, when we run certbot using a command file for the cert, we get the error:

Input the path to your Cloudflare credentials INI file

All config files are in place and contain the proper variables.

Any ideas???

/etc/letsencrypt/renewal/myserver.mydomain.com.conf

[renewalparams]
authenticator = dns-cloudflare
dns-cloudflare-credentials = /etc/letsencrypt/cloudflare.ini
dns-cloudflare-propagation-seconds = 60
preferred-challenges=dns
account = ****************************
server = https://acme-v02.api.letsencrypt.org/directory

/etc/letsencrypt/cloudflare.ini

dns_cloudflare_email = test@test.com
dns_cloudflare_api_key = ***************************************

conf file processing output

Processing /etc/letsencrypt/renewal/myserver.mydomain.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for myserver.mydomain.com
Cleaning up challenges
Attempting to renew cert (myserver.mydomain.com) from /etc/letsencrypt/renewal/myserver.mydomain.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the path to your Cloudflare credentials INI file. Skipping.

My operating system is (include version):

Centos 7

Certbot version:

0.31.0

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

yum

I ran this command and it produced this output:

certbot renew --dry-run

Certbot’s behavior differed from what I expected because:

Configuration file provided but reported not found when configuration file is processed

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

2019-03-05 18:11:14,084:WARNING:certbot.renewal:Attempting to renew cert (myserver.mydomain.com) from /etc/letsencrypt/renewal/myserver.mydomain.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the path to your Cloudflare credentials INI file. Skipping.
2019-03-05 18:11:14,085:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 47, in perform
self._setup_credentials()
File “/usr/lib/python2.7/site-packages/certbot_dns_cloudflare/dns_cloudflare.py”, line 47, in _setup_credentials
‘api-key’: ‘API key for Cloudflare account, obtained from {0}’.format(ACCOUNT_URL)
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 168, in _configure_credentials
self._configure_file(key, label, __validator)
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 138, in _configure_file
new_value = self._prompt_for_file(label, validator)
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 230, in _prompt_for_file
force_interactive=True)
File “/usr/lib/python2.7/site-packages/certbot/display/ops.py”, line 372, in validated_directory
validator, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/certbot/display/ops.py”, line 329, in _get_validated
code, raw = method(message, default=default, **kwargs)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 583, in directory_select
return self.input(message, default, cli_flag)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 524, in input
self._interaction_fail(message, cli_flag)
File “/usr/lib/python2.7/site-packages/certbot/display/util.py”, line 469, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Input the path to your Cloudflare credentials INI file

Did you write this file by hand? The parameter names are (unfortunately) not the same as the ones used for the CLI.

--preferred-challenges becomes pref_challs.

--dns-cloudflare-credentials becomes dns_cloudflare_credentials

etc

These parameters get written automatically every time you issue or renew a certificate successfully over the command line.

Modifying the file is not recommended except in limited situations.

2 Likes

You’re right… I had modified the file by hand but I could not locate a way to regenerate it.

With your suggestions, everything worked out fine! Thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.