Hello, I have the domain “r-proxy.summoning.ml”.
I have an error trying to install a Let's Encrypt wildcard certificate in FreeNAS with nginx.
The error obtained is:
root@reverse-proxy:/ # certbot certonly \
? --dns-cloudflare \
? --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
? -d r-proxy.summoning.ml
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for r-proxy.summoning.ml
Unsafe permissions on credentials configuration file: /root/ .secrets/certbot/cloudflare.ini
Cleaning up challenges
An unexpected error ocurred:
KeyError: 'code'
Please see the logfiles in /var/log/letsencrypt for more details.
Reviewing the log, I can observe the following:
20 15:44:01,229:INFO:certbot._internal.auth_handler:Cleaning up challenges
20 15:44:01,238:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.cloudflare.com:443
20 15:44:01,562:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=r
20 15:44:01,838:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=s
20 15:44:01,839:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Found zone_id of 2bfc6592a339578d2
20 15:44:02,827:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones/2bfc65
20 15:44:02,829:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Unable to find TXT record.
20 15:44:02,829:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:TXT record not found; no cleanup needed.
…
What may be happening?
I have declared the TXT record for r-proxy.summoning.ml in cloudflare.
Cloudflare removed the ability to use the DNS API if:
You are on the Cloudflare Free plan, and
You are using one of the Freenom TLDs (ml, gq, tk, cf, ga)
This affects Certbot’s ability to automatically issue wildcards for those domains. You can still enter the TXT records manually into the user interface (using --manual instead of --dns-cloudflare), but it won’t be automatically renewing.
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: _acme-challenge.rolejobs.org. 300 IN TXT v=spf1 a mx a:rolejobs.org ip4:181.116.19.184 ?all
I have no idea what gave you the idea to do this. Simply --manual --preferred-challenges dns-01 -d <whatever>. If you aren't using the cloudflare plugin, you don't need to specify its credentials, and if you're using Let's Encrypt, you don't need to specify the server. It will tell you what TXT records need to be created--there will be two of them, and you need to create both of them.
No, you aren't. As @_az explained, you can't use its API for your domain if you're using it on the free plan. You're instead using manual mode, which doesn't use the plugin.
Well, you need the quotes (or some other way to escape the character) for the wildcard. But you need proper quotes, not the curly quotes that are showing here.
@protoss666, the correct command would be certbot certonly --manual --preferred-challenges dns -d summoning.ml -d "*.summoning.ml"
Note:
The second flag is --preferred-challenges, not --preferred-challenge
The quotes around the second domain name (required to keep the shell from evaluating the *) are straight quotes, not the curly quotes in the command you copied and pasted
Certbot will give you two TXT record values. You must create both of them (they’ll both have the same name, and yes, this is perfectly valid) before proceeding with validation.
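As an added example (not code from any of the posters or from Certbot itself), a small pre-flight script covering the two things that tripped this thread: the credentials file permission warning (certbot warns when the file is group- or world-accessible) and the rule that every challenge value certbot prints must be published under the same _acme-challenge name before you continue. The dig call and the sample TXT values are assumptions for illustration.

```python
import os
import stat
import subprocess


def mode_is_private(mode):
    """True when no group/other permission bits are set (0600, 0400, ...)."""
    return (stat.S_IMODE(mode) & 0o077) == 0


def credentials_file_is_private(path):
    """Apply mode_is_private to a real file, e.g. ~/.secrets/certbot/cloudflare.ini."""
    return mode_is_private(os.stat(path).st_mode)


def missing_txt_values(expected, published):
    """Return the challenge values certbot asked for that DNS does not serve yet.

    `published` is the raw list of TXT strings as dig prints them (quoted).
    """
    seen = {v.strip().strip('"') for v in published}
    return [v for v in expected if v not in seen]


def query_txt(name):
    """Query the live record with dig (assumed installed); one string per line."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, check=True).stdout
    return [line for line in out.splitlines() if line]


if __name__ == "__main__":
    # Constructed sample: the two values certbot printed for summoning.ml
    # and *.summoning.ml (both live at _acme-challenge.summoning.ml).
    expected = ["tokenA-constructed-value", "tokenB-constructed-value"]
    # Constructed dig output: only the first value was created.
    published = ['"tokenA-constructed-value"']
    for missing in missing_txt_values(expected, published):
        print("not yet published:", missing)
    if not mode_is_private(0o644):
        print("0644 would trigger certbot's unsafe-permissions warning")
```

Run the real checks with `query_txt("_acme-challenge.summoning.ml")` in place of the constructed list, and only press Enter in certbot once the missing list is empty.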