Error determining zone identifier for [domain] : 403 Client Error: Forbidden for url:


I used this tutorial to set up a certbot certificate for my ovh server, almost exactly as it tells me to. I googled the error and most of the responses told me I needed to create a separate OVH API account, something which those docs either did not tell me to do or I did not see.

My domain is:

I ran this command: sudo certbot -a dns-ovh -i apache -d "*" -d --server --dns-ovh-credentials /etc/ovh.ini

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-ovh, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for
dns-01 challenge for
Cleaning up challenges
Error determining zone identifier for 403 Client Error: Forbidden for url: (Are your Application Key and Consumer Key values correct?)

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Debian 9 (Stretch)

My hosting provider, if applicable, is: OvH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I’m using SSH


That domain is using Hostinger’s DNS:            3600    IN      NS            3600    IN      NS            3600    IN      NS            3600    IN      NS

Though it also has authoritative NS records for Cloudflare:            1800    IN      NS            1800    IN      NS

Either way, it’s not using OVH DNS at the moment.

If you want to use OVH DNS with Certbot, you’ll have to set it up at OVH and your domain registrar. Have you done the first part?

Certbot also has a plugin for Cloudflare – – but you would still have to change the nameserver settings at your registrar.


Sorry for being dumb but I can’t find the nameservers for OVH. I assume its but I can’t be sure. Could you mind telling me them?


OVH has a lot of different nameservers. You would have to check OVH’s control panel or documentation to find out which ones are assigned to your zone.

I don’t use OVH, so I don’t know exactly where that information is displayed.


edit /etc/ovh.ini
dns_ovh_endpoint = ovh-ca
change ovh-ca to ovh-eu

After edit
dns_ovh_endpoint = ovh-eu

closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.