I ran this command:
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /.secrets/certbot/cloudflare.ini -d *.tom-holscher.de -d *.squadofgods.de -d *.delmenhorstbulldogds.de
It produced this output:
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for delmenhorstbulldogds.de
Cleaning up challenges
Missing properties in credentials configuration file /.secrets/certbot/cloudflare.ini:
Property "dns_cloudflare_email" not found (should be email address associated with Cloudflare account).
Is the path to your ini file actually /.secrets/certbot/cloudflare.ini rather than something like ~/.secrets/certbot/cloudflare.ini or /home/tom/.secrets/certbot/cloudflare.ini?
i think its readable, i have made chmod 600 to the file.
there is the field dns_cloudflare_api_token in the file, but i dont use the api key and email, i have made it a few weeks ago with the global token and it worked, but not yet
when i add the fields to the file it says, that the key is wronk or like this, but i have copyied it from cloudflare. and i would to use the global api token because its better
i have tested a little bit, and tryed to use only the global key, but it doesnt work, he says
Missing properties in credentials configuration file /root/.secrets/cloudflare.ini:
* Property "dns_cloudflare_email" not found (should be email address associated with Cloudflare account).
* Property "dns_cloudflare_api_key" not found (should be API key for Cloudflare account, obtained from https://dash.cloudflare.com/profile/api-tokens).
why does i cant use only my global key?
i use certbot 0.40.0
The docs page for the plugin makes it sound like limited scope tokens are only supported on newer versions of the module?
Using Cloudflare Tokens also requires at least version 2.3.1 of the cloudflare python module. If the version that automatically installed with this plugin is older than that, and you can’t upgrade it on your system, you’ll have to stick to the Global key.
in my apt list i can find:
python3-cloudflare/focal,focal,now 2.1.0-1 all [installed,automatic]
and
python3-certbot-dns-cloudflare/focal,focal,now 0.39.0-1 all [installed]
and on snap i use:
certbot-dns-cloudflare 1.13.0 631 latest/stable certbot-eff✓ -
It sounds very much like you have two different copies of Certbot installed and are running the older version.
The installation instructions for the Certbot snap suggest that you first remove the apt versions of your Certbot packages, which would prevent the older version being accidentally used.
In the meantime, you can try calling /snap/bin/certbot directly while using only dns_cloudflare_api_token, and it should work.