(requested details filled in below)
I'm trying to create a new cert. I've followed the steps shown at:
My Profile > API Tokens
I made a new API token:
Zone:DNS:Edit
Zone:Zone:Read
That made a token, from which I made a file, containing only:
dndns_cloudflare_api_key = [that token]
dns_cloudflare_email = [my email address]
I have double- and triple-checked the token.
Then:
$ sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials cloudflare.ini -d [DOMAIN],*.[DOMAIN]
That fails; here's the error:
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.11.6)
As it says, I do have an up-to-date cloudflare package installed, but, on Gentoo, there is (still) a certbot-dns-cloudflare package, in an overlay, showing version number 2.1.0:
$ equery l certbot-dns-cloudflare
- Searching for certbot-dns-cloudflare ...
[I-O] [ ] app-crypt/certbot-dns-cloudflare-2.1.0:0
Does this mean that the certbot-dns-cloudflare package is running behind, or is this a case of two unrelated package numbers, so that's not the source of my issue?
If it is the case that my problem is being caused by an out-of-date Certbot DNS package, how might I fix that? Do I need to remove all the Gentoo packages and restart with pip (or something)?
Or...?
Thanks. Standard entries filled in below as requested.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: michaeljinks.com
I ran this command: $ sudo certbot -v certonly --dns-cloudflare --dns-cloudflare-credentials cloudflare.ini -d [NEW-DNS-NAME] -d *.[NEW-DNS-NAME]
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for [NEW-DNS-NAME] and *.[NEW-DNS-NAME]
Input the path to your Cloudflare credentials INI file (Enter 'c' to cancel):
My web server is (include version): www-servers/nginx-1.25.3:mainline
The operating system my web server runs on is (include version): Linux 6.1.19-gentoo-dist
My hosting provider, if applicable, is: (not applicable)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no; shell/sudo
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.8.0
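Added example, not part of the original post and not Certbot's own code: a small linter for a certbot-dns-cloudflare credentials file. The plugin documents `dns_cloudflare_api_token` for scoped API tokens, and `dns_cloudflare_email` with `dns_cloudflare_api_key` for the Global API Key, so the check flags misspelled keys, a token stored under the Global API Key name, and loose file permissions. The function names, the placeholder token and the 37-hex-character Global API Key pattern are assumptions made for this sketch.

```python
import configparser
import re

TOKEN_KEY = "dns_cloudflare_api_token"  # scoped API token
LEGACY_KEYS = {"dns_cloudflare_email", "dns_cloudflare_api_key"}  # Global API Key pair
# Assumption: a Global API Key is 37 lowercase hex characters; scoped tokens are not.
GLOBAL_KEY_RE = re.compile(r"[0-9a-f]{37}")

def parse_credentials(text):
    """Parse a section-less INI credentials file into a dict of key -> value."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[creds]\n" + text)
    return dict(cp["creds"])

def lint_credentials(text, mode=None):
    """Return a list of findings; `mode` is the file's st_mode, if known."""
    creds = parse_credentials(text)
    names = set(creds)
    findings = [f"unrecognised key: {n}"
                for n in sorted(names - LEGACY_KEYS - {TOKEN_KEY})]
    if TOKEN_KEY in names and names & LEGACY_KEYS:
        findings.append("token and email/api_key both set: keep one style only")
    elif names & LEGACY_KEYS:
        findings += [f"missing key: {n}" for n in sorted(LEGACY_KEYS - names)]
        key = creds.get("dns_cloudflare_api_key", "")
        if key and not GLOBAL_KEY_RE.fullmatch(key):
            findings.append("dns_cloudflare_api_key is not a Global API Key: put a "
                            "scoped token under dns_cloudflare_api_token, without the email line")
    elif TOKEN_KEY not in names:
        findings.append("no Cloudflare credentials found")
    if mode is not None and mode & 0o077:
        findings.append("file is accessible to group/others: chmod 600")
    return findings

# Constructed samples; the token value is a placeholder, not a real credential.
FAKE_TOKEN = "A" * 40
AS_POSTED = f"dndns_cloudflare_api_key = {FAKE_TOKEN}\ndns_cloudflare_email = user@example.com\n"
TOKEN_AS_KEY = f"dns_cloudflare_api_key = {FAKE_TOKEN}\ndns_cloudflare_email = user@example.com\n"
TOKEN_ONLY = f"dns_cloudflare_api_token = {FAKE_TOKEN}\n"

if __name__ == "__main__":
    for label, text in [("as posted", AS_POSTED), ("token as key", TOKEN_AS_KEY),
                        ("token only", TOKEN_ONLY)]:
        print(label, "->", lint_credentials(text, mode=0o100644))
```

For a real file, pass its contents and `os.stat(path).st_mode` to `lint_credentials`; the credential values are never printed, only the key names.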