Ertbot: error: unrecognized arguments: /home

I am trying to install an SSL certificate for the root domain along with a wildcard for all subdomains.

My domain is:
Webserver: Nginx
OS: Ubuntu 20.04.4
Hosting provider: GCP

Downloaded certbot using snap
Installed latest version of python3-cloudflare

I ran this command:
$ certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d -d * –i nginx

And this output returns:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certbot: error: unrecognized arguments: /home/kev_m_lin/.secrets/certbot/cloudflare.ini –i nginx

Using this tutorial:

You'll need to put quotes around the wildcard:

-d "*"

Also, did you install the Cloudflare plugin using snap?

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare

Hey there - thanks for your help!

I did install that Cloudflare plug-in but I'm still getting the same error message.

It seems the dash used for the -i in front of nginx is an "en dash" ( in your post, compare that en dash with a regular one: -) and not a regular one. Did you perhaps copy/paste that -i nginx part from a how-to? You should change it to a regular dash.

Maybe even the space in front of -i is not a regular space, otherwise Certbot should see those two items separately. Better to type that space manually too before trying again.

Edit: although an unicode decoder says its a regular space.. :thinking: Not sure why Certbot doesn't see them separately in that case then..


Well spotted! The dash is definitely a problem.

Also, get rid of certonly if you want Certbot to install the certificate to nginx.


I manually input my "-" dashes and got rid of the "certonly" command. Still getting a response.

Could this be the issue? for the credentials, I input an Edit zone DNS API Token like this:

-- dns-cloudflare-credentials [API Token] ~/.secrets/certbot/cloudflare.ini

So the entire line would be:

certbot --dns-cloudflare --dns-cloudflare-credentials [API Token] ~/.secrets/certbot/cloudflare.ini -d -d "*" -i nginx

Could I be typing out the API Token all wrong?

For context, I'm following this doc: Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation

The API token goes into the .ini file. You don't include it on the command line.


Ah okay - so how do I input the API token in the .ini file?

So if you look at Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation the example contents of the .ini file are:

# Cloudflare API token used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567

You would replace 0123456789abcdef0123456789abcdef01234567 with your real API token.


Alright. I just tried this:

certbot --dns-cloudflare --dns-cloudflare-credentials [API Token] -d -d "*" -i nginx

And got this, in dark red letters:

The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at See the logfile /tmp/tmphhn1uex5/log or re-run Certbot with -v for more details.

You'll need to run Certbot as root. Use sudo certbot rather than certbot.

Keep in mind also if you stored the API credential in your non-root user's home directory, you might have to change your command to use this path: