Dns-cloudflare: Missing properties in credentials configuration file

Ubuntu server 20.04
Certbot 0.40.0
With a fresh install of certbot and the Cloudflare DNS plugin on Ubuntu, I'm unable to use the API token method described here;

When running the command;

certbot certonly \
    -d 'foobar.com' \
    -d '*.foobar.com' \
    --preferred-challenges dns-01 \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --dns-cloudflare \
    --dns-cloudflare-credentials ~/.secrets/certbot-dns-cloudflare.ini

I receive the following error;

Missing properties in credentials configuration file /root/.secrets/certbot-dns-cloudflare.ini:
 * Property "dns_cloudflare_email" not found (should be email address associated with Cloudflare account).
 * Property "dns_cloudflare_api_key" not found (should be API key for Cloudflare account, obtained from https://dash.cloudflare.com/profile/api-tokens).

certbot plugins shows this, but I don't know how to verify that the version of dns-cloudflare is above the threshold of v2.3.1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

* dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using
Cloudflare for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-cloudflare =
certbot_dns_cloudflare.dns_cloudflare:Authenticator

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I have a file located here: ~/.secrets/certbot-dns-cloudflare.ini (redacted)

# Cloudflare API token used by Certbot
dns_cloudflare_api_token = ########

Any ideas what might be wrong? How can I check the plugin version?

2 Likes

Interesting question. I guess that isn't implemented in certbot. I might open an issue on the certbot GitHub page. Or you might do it, if you're interested.

As far as I can tell, it seems version 0.39 is the current version in Ubuntu Focal: https://packages.ubuntu.com/focal/python3-certbot-dns-cloudflare You could check by running apt-cache policy python3-certbot-dns-cloudflare.

It seems version 0.39 doesn't know how to handle tokens:

https://github.com/certbot/certbot/blob/v0.39.0/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py#L20-L36

2 Likes
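An added example (not code from the thread or from Certbot): a preflight check that reports which credential style the file uses, whether a plugin that only knows the two properties named in the error above would accept it, and whether the file is readable by anyone but its owner. The function names and the placeholder token are hypothetical; the property names and the package name are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: preflight check for a certbot-dns-cloudflare credentials file.

# has_prop FILE NAME: succeeds if NAME is set to a non-empty value (comments ignored)
has_prop() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*[^[:space:]]" "$1"
}

# legacy_plugin_accepts FILE: succeeds if both properties demanded by the
# error message in the question (email + global API key) are present
legacy_plugin_accepts() {
    has_prop "$1" dns_cloudflare_email && has_prop "$1" dns_cloudflare_api_key
}

# cred_mode FILE: prints token | global-key | incomplete
cred_mode() {
    if has_prop "$1" dns_cloudflare_api_token; then
        echo token
    elif legacy_plugin_accepts "$1"; then
        echo global-key
    else
        echo incomplete
    fi
}

# perms_ok FILE: succeeds only if group and others have no access (e.g. mode 600)
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# installed_plugin_version: version of the Debian/Ubuntu package, if installed
installed_plugin_version() {
    dpkg-query -W -f='${Version}\n' python3-certbot-dns-cloudflare 2>/dev/null
}

# Constructed sample mirroring the redacted file in the question.
sample=$(mktemp)
printf '%s\n' '# Cloudflare API token used by Certbot' \
    'dns_cloudflare_api_token = PLACEHOLDER_TOKEN' > "$sample"
chmod 600 "$sample"

echo "credential style: $(cred_mode "$sample")"
if legacy_plugin_accepts "$sample"; then
    echo "a plugin that only reads email + API key would accept this file"
else
    echo "a plugin that only reads email + API key would reject this file"
fi
perms_ok "$sample" && echo "permissions: owner-only"
echo "apt package version: $(installed_plugin_version || true)"
```

For the token-only file from the question this reports `token` and a rejection by the older property check, which matches the error the 0.39.0 package printed.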

Thanks for that, seems I have that version you mention;

apt-cache policy python3-certbot-dns-cloudflare
python3-certbot-dns-cloudflare:
  Installed: 0.39.0-1
  Candidate: 0.39.0-1
  Version table:
 *** 0.39.0-1 500
        500 http://mirrors.linode.com/ubuntu focal/universe amd64 Packages
        500 http://mirrors.linode.com/ubuntu focal/universe i386 Packages
        100 /var/lib/dpkg/status

Does this mean I need to use the global API key, or is there a better way to install a newer version?

On a different setup a while back I seem to remember using pip to install it, but I used sudo apt install python3-certbot-dns-cloudflare in this instance.

3 Likes

The certbot team nowadays advertises the use of snapd and the certbot snap and the separate plugin snaps instead of the official packaged versions. This enables them to keep the snap current at all times, while official packages often lag behind tremendously. See the current howto for Ubuntu 20.04: https://certbot.eff.org/lets-encrypt/ubuntufocal-other

4 Likes

Ah, perfect. After installing with snapd everything is working now, much appreciated. Thanks!

4 Likes

Be sure to remove the unused/previous version (if you haven't already).

1 Like

Yes I did remove the previous version first, thanks for the reminder anyway.

2 Likes