Having an issue migrating from the old letsencrypt image to swag. Followed the instructions on the repo, and now I'm getting
Error determining zone_id: 9103 Unknown X-Auth-Key or X-Auth-Email. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter the correct email address and Global key?)
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file
Also getting this warning, ran `chmod 600` and the warning will not go away.
Unsafe permissions on credentials configuration file: /config/dns-conf/cloudflare.ini
My credentials are correct in cloudflare.ini. I've tried rolling my API token, generating completely new ones, even using email/global API key and nothing is working.
Stumped here.
/var/log/letsencrypt.log hits the first exception here:
2021-04-14 12:28:36,683:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 "GET /client/v4/zones?name=docker.muth.dev&per_page=1 HTTP/1.1" 403 None
2021-04-14 12:28:36,692:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 187, in _find_zone_id
zones = self.cf.zones.get(params=params) # zones | pylint: disable=no-member
File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 672, in get
return self._base.call_with_auth('GET', self._parts,
File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 126, in call_with_auth
return self._call(method, headers, parts,
File "/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py", line 502, in _call
raise CloudFlareAPIError(code, message)
CloudFlare.exceptions.CloudFlareAPIError: Unknown X-Auth-Key or X-Auth-Email
I can curl the https://api.cloudflare.com/client/v4/user/tokens/verify endpoint just fine:
"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]
I am a genius.
Renamed my dir that my compose and config files live in from letsencrypt/ to swag/, but forgot to update the volume mount path as well. Amazing lol. All is well.