Error determining zone identifier for [domain] : 403 Client Error: Forbidden for url: https://ca.api.ovh.com/v1/domain/zone

I used this tutorial to set up a certbot certificate for my ovh server, almost exactly as it tells me to. I googled the error and most of the responses told me I needed to create a separate OVH API account, something which those docs either did not tell me to do or I did not see.

My domain is: http://www.screech.xyz

I ran this command: sudo certbot -a dns-ovh -i apache -d "*.screech.xyz" -d screech.xyz --server https://acme-v02.api.letsencrypt.org/directory --dns-ovh-credentials /etc/ovh.ini

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-ovh, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for screech.xyz
dns-01 challenge for screech.xyz
Cleaning up challenges
Error determining zone identifier for screech.xyz: 403 Client Error: Forbidden for url: https://ca.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Debian 9 (Stretch)

My hosting provider, if applicable, is: OvH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I’m using SSH

That domain is using Hostinger’s DNS:

screech.xyz.            3600    IN      NS      ns4.hostinger.com.
screech.xyz.            3600    IN      NS      ns3.hostinger.com.
screech.xyz.            3600    IN      NS      ns2.hostinger.com.
screech.xyz.            3600    IN      NS      ns1.hostinger.com.

Though it also has authoritative NS records for Cloudflare:

screech.xyz.            1800    IN      NS      naomi.ns.cloudflare.com.
screech.xyz.            1800    IN      NS      west.ns.cloudflare.com.

Either way, it’s not using OVH DNS at the moment.

If you want to use OVH DNS with Certbot, you’ll have to set it up at OVH and your domain registrar. Have you done the first part?

Certbot also has a plugin for Cloudflare – https://certbot-dns-cloudflare.readthedocs.io/en/stable/ – but you would still have to change the nameserver settings at your registrar.

1 Like

Sorry for being dumb but I can’t find the nameservers for OVH. I assume its ns1.ovh.net but I can’t be sure. Could you mind telling me them?

OVH has a lot of different nameservers. You would have to check OVH’s control panel or documentation to find out which ones are assigned to your zone.

I don’t use OVH, so I don’t know exactly where that information is displayed.

1 Like

edit /etc/ovh.ini
dns_ovh_endpoint = ovh-ca
change ovh-ca to ovh-eu

After edit
dns_ovh_endpoint = ovh-eu

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.