Snap installing old version of Certbot

Thank you very much for the help.

I did want to say I also verified there is an A record for the wildcard on that domain, and the IP is correct. It was one of the first things I checked.

3 Likes

Ah hey, looks like it could be the same thing as this: https://github.com/home-assistant/addons/issues/1221#issuecomment-627583541

2 Likes

that additional Zone-Zone:Edit, specifically.

2 Likes

Unfortunately that didn't fix it either. I updated to all zones and all dns on the key.

domain-le API token summary

This API token will affect the below accounts and zones, along with their respective permissions

    Taubin's Account
        All zones - Zone:Edit, DNS:Edit

I tried it with and without specifying the key

sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer nginx
Simulating renewal of an existing certificate for *.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
Cleaning up challenges
Failed to renew certificate domain.tld with error: Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.1)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
  server  taubin  ~  1  sudo certbot renew --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator dns-cloudflare, Installer nginx
Simulating renewal of an existing certificate for *.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
Cleaning up challenges
Failed to renew certificate domain.tld with error: Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.1)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

I even added the _acme-challenge txt record as someone there had suggested but it's still a no go. It's really strange.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.