Cloudflare DNS Plugin cloudflare.ini file configuration issue

I ran this command:

certbot certonly --dns-cloudflare   --dns-cloudflare-credentials cloudflare.ini   -d <domain> --config-dir config/ --work-dir . --logs-dir logs/ --dns-cloudflare-propagation-seconds 

It produced this output:

2022-05-11 16:18:42,292:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 76, in _perform
    self._get_cloudflare_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 85, in _get_cloudfla>
    return _CloudflareClient(None, self.credentials.conf('api-token'))
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 95, in __init__
    self.cf = CloudFlare.CloudFlare(email, api_key)
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 938, in __init__
    raise CloudFlareAPIError(0, str(e))
CloudFlare.exceptions.CloudFlareAPIError: CloudFlare: configuration section missing - configuration file only has these sections: default

2022-05-11 16:18:42,292:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-05-11 16:18:42,292:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-05-11 16:18:42,293:ERROR:certbot._internal.error_handler:Encountered exception during recovery: CloudFlare.exceptions.CloudFlareAPIError: CloudF>
2022-05-11 16:18:42,294:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/home/lab-user/Garage/certbot/env/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/home/lab-user/Garage/certbot/env/lib/python3.8/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)

My configuration of cloudflare.ini looks something like this:

dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567

The versions of certbot and certbot-dns-cloudflare are given below:

certbot==1.27.0
certbot-dns-cloudflare==1.27.0

I installed both using pip.

I am not sure where I am going wrong, since I have followed the official docs:
Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation.

Any help / guidance in solving this would be really helpful.

1 Like

Welcome to the community @rams3sh

My only suggestion is to use a fully qualified path to your cloudflare.ini file. The DNS plugin may not use the values from the work-dir or config-dir. These may only be for certbot files - not the plugin - but I am not sure of this.

I also notice there is no value after your propagation-seconds option. If that was just a pasting problem, never mind. But if you don't want to change the default value, just leave it off. This isn't likely related to your error; I am just pointing it out.

3 Likes

I found the issue. I had another configuration file at ~/.cloudflare/cloudflare.cfg which was malformed, and the plugin was apparently switching between the provided local cloudflare.ini and ~/.cloudflare/cloudflare.cfg. When the cloudflare.ini was corrected and formatted as per the docs, it was showing errors in the former, and so on and so forth. I deleted the former one and the errors disappeared.

Hey @MikeMcQ
Thanks for the response.

> My only suggestion is to use a fully qualified path to your cloudflare.ini file.

Hey, sure, that's ideal, but apparently this worked. However, I will follow it.

> The DNS plugin may not use the values from the work-dir or config-dir. These may only be for certbot files - not the plugin - but I am not sure of this.

These arguments were for certbot and not for the plugin.

> I also notice there is no value after your propagation-seconds option. If that was just a pasting problem never mind.

Yeah, that was a miss from my end while copying.

4 Likes

Ah, you found it before I could post a possible (and apparently the actual :stuck_out_tongue:) solution here. :wink:

If you look at the code of the Cloudflare Python client library, you'd find that the code indeed looks at that directory for a .cfg file:

However, if you look at the Certbot code (also in your logs), you can see Certbot already provided the Cloudflare client library with the token Certbot fetched itself from the .ini file provided on the command line. As far as I can see, there isn't an option to make the Cloudflare library NOT look for the .cfg files, unfortunately.

4 Likes
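A small audit for the situation described above, added here as an example (it is not part of the thread, of Certbot, or of the Cloudflare library): it lists config files a client library could pick up implicitly and flags the ones that would trigger this error. Only `~/.cloudflare/cloudflare.cfg` comes from the thread; the other two paths are assumed default locations, the `[CloudFlare]` section name is inferred from the error text in the log, and the function and constant names are made up for the example.

```python
import configparser
import os
import stat

# ~/.cloudflare/cloudflare.cfg is the file named in this thread; the other two
# entries are ASSUMED additional default locations of the client library.
DEFAULT_PATHS = (".cloudflare.cfg", "~/.cloudflare.cfg", "~/.cloudflare/cloudflare.cfg")
# Inferred from the log line "CloudFlare: configuration section missing".
EXPECTED_SECTION = "CloudFlare"


def audit_ambient_configs(paths=DEFAULT_PATHS, section=EXPECTED_SECTION):
    """Return one finding per existing file that could be read implicitly."""
    findings = []
    for raw in paths:
        path = os.path.expanduser(raw)
        if not os.path.isfile(path):
            continue
        finding = {"path": path, "sections": [], "problems": []}
        parser = configparser.ConfigParser()
        try:
            parser.read(path)
            finding["sections"] = parser.sections()
        except configparser.Error as exc:
            # Report only the exception type: the message can echo file
            # contents, which may include an API token.
            finding["problems"].append(f"unparseable: {type(exc).__name__}")
        if finding["sections"] and section not in finding["sections"]:
            finding["problems"].append(f"section [{section}] missing")
        # Credential files should not be readable by group or others.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            finding["problems"].append("readable by group/others")
        findings.append(finding)
    return findings


if __name__ == "__main__":
    results = audit_ambient_configs()
    if not results:
        print("no ambient Cloudflare config files found")
    for f in results:
        status = "; ".join(f["problems"]) or "ok"
        print(f"{f['path']}: sections={f['sections']} -> {status}")
```

Run it as the same user, and from the same working directory, that runs certbot, since both the home directory and the relative `.cloudflare.cfg` path depend on them.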

@Osiris In fact, I also finally went through the SDK code (that you also have mentioned) to narrow down the problem. Otherwise I couldn't have found it, as the logs were not clear.

It would have been helpful if the SDK could ignore the default paths if an explicit path is given. This just adds to the confusion.