Error determining zone identifier for [domain] : 403 Client Error: Forbidden for url: https://ca.api.ovh.com/v1/domain/zone


#1

I used this tutorial to set up a certbot certificate for my ovh server, almost exactly as it tells me to. I googled the error and most of the responses told me I needed to create a separate OVH API account, something which those docs either did not tell me to do or I did not see.

My domain is: http://www.screech.xyz

I ran this command: sudo certbot -a dns-ovh -i apache -d "*.screech.xyz" -d screech.xyz --server https://acme-v02.api.letsencrypt.org/directory --dns-ovh-credentials /etc/ovh.ini

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-ovh, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for screech.xyz
dns-01 challenge for screech.xyz
Cleaning up challenges
Error determining zone identifier for screech.xyz: 403 Client Error: Forbidden for url: https://ca.api.ovh.com/1.0/domain/zone/. (Are your Application Key and Consumer Key values correct?)

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Debian 9 (Stretch)

My hosting provider, if applicable, is: OvH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I’m using SSH


#2

That domain is using Hostinger’s DNS:

screech.xyz.            3600    IN      NS      ns4.hostinger.com.
screech.xyz.            3600    IN      NS      ns3.hostinger.com.
screech.xyz.            3600    IN      NS      ns2.hostinger.com.
screech.xyz.            3600    IN      NS      ns1.hostinger.com.

Though it also has authoritative NS records for Cloudflare:

screech.xyz.            1800    IN      NS      naomi.ns.cloudflare.com.
screech.xyz.            1800    IN      NS      west.ns.cloudflare.com.

Either way, it’s not using OVH DNS at the moment.

If you want to use OVH DNS with Certbot, you’ll have to set it up at OVH and your domain registrar. Have you done the first part?

Certbot also has a plugin for Cloudflare – https://certbot-dns-cloudflare.readthedocs.io/en/stable/ – but you would still have to change the nameserver settings at your registrar.