Thank you very much for the help.
I did want to say I also verified there is an A record for the wildcard on that domain, and the IP is correct. It was one of the first things I checked.
Thank you very much for the help.
I did want to say I also verified there is an A record for the wildcard on that domain, and the IP is correct. It was one of the first things I checked.
Ah hey, looks like it could be the same thing as this: https://github.com/home-assistant/addons/issues/1221#issuecomment-627583541
that additional Zone-Zone:Edit
, specifically.
Unfortunately that didn't fix it either. I updated to all zones and all dns on the key.
domain-le API token summary
This API token will affect the below accounts and zones, along with their respective permissions
Taubin's Account
All zones - Zone:Edit, DNS:Edit
I tried it with and without specifying the key
sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer nginx
Simulating renewal of an existing certificate for *.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
Cleaning up challenges
Failed to renew certificate domain.tld with error: Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.1)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
server taubin ~ 1 sudo certbot renew --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer nginx
Simulating renewal of an existing certificate for *.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
Cleaning up challenges
Failed to renew certificate domain.tld with error: Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.1)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
I even added the _acme-challenge txt record as someone there had suggested but it's still a no go. It's really strange.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.