acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

[BUG] Cloudflare API misidentifies the domain and result: invalid domain #3894

Open Widmo opened 2 years ago

Widmo commented 2 years ago

acme.sh - latest version

Steps to reproduce: Issue wildcard certificate with CF API, using API token only.

Debug log

[Mon 17 Jan 2022 11:26:48 AM CET] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Mon 17 Jan 2022 11:26:48 AM CET] Adding txt value: DUubYcJHfurkO86pQgKS0H4IqKooXFlHsmYQ-6yF3ig for domain:  _acme-challenge.example.com
[Mon 17 Jan 2022 11:26:49 AM CET] First detect the root zone
[Mon 17 Jan 2022 11:26:49 AM CET] h='_acme-challenge.example.com'
[Mon 17 Jan 2022 11:26:49 AM CET] zones?name=_acme-challenge.example.com&account.id=my@mail.com
[Mon 17 Jan 2022 11:26:49 AM CET] GET
[Mon 17 Jan 2022 11:26:49 AM CET] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.example.com&account.id=my@mail.com'
[Mon 17 Jan 2022 11:26:49 AM CET] timeout=
[Mon 17 Jan 2022 11:26:49 AM CET] Http already initialized.
[Mon 17 Jan 2022 11:26:50 AM CET] ret='0'
[Mon 17 Jan 2022 11:26:50 AM CET] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Mon 17 Jan 2022 11:26:50 AM CET] h='example.com'
[Mon 17 Jan 2022 11:26:50 AM CET] zones?name=example.com&account.id=my@mail.com
[Mon 17 Jan 2022 11:26:50 AM CET] GET
[Mon 17 Jan 2022 11:26:50 AM CET] url='https://api.cloudflare.com/client/v4/zones?name=example.com&account.id=my@mail.com'
[Mon 17 Jan 2022 11:26:50 AM CET] timeout=
[Mon 17 Jan 2022 11:26:50 AM CET] Http already initialized.
[Mon 17 Jan 2022 11:26:51 AM CET] ret='0'
[Mon 17 Jan 2022 11:26:51 AM CET] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Mon 17 Jan 2022 11:26:51 AM CET] h='com'

Here magically domain: example.com became: com

[Mon 17 Jan 2022 11:26:51 AM CET] zones?name=com&account.id=my@mail.com
[Mon 17 Jan 2022 11:26:51 AM CET] GET
[Mon 17 Jan 2022 11:26:51 AM CET] url='https://api.cloudflare.com/client/v4/zones?name=com&account.id=my@mail.com'
[Mon 17 Jan 2022 11:26:51 AM CET] timeout=
[Mon 17 Jan 2022 11:26:51 AM CET] Http already initialized.
[Mon 17 Jan 2022 11:26:52 AM CET] ret='0'
[Mon 17 Jan 2022 11:26:52 AM CET] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Mon 17 Jan 2022 11:26:52 AM CET] h
[Mon 17 Jan 2022 11:26:52 AM CET] invalid domain

And of course error appear.
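The debug log above shows the root-zone detection in dns_cf.sh walking the challenge name one label at a time (`_acme-challenge.example.com`, `example.com`, `com`, then nothing) and giving up with "invalid domain" because every `zones?name=...` query came back with `"success":true` and an empty `result`. The following shell script is an added example, not code from acme.sh or from anyone in this thread: it re-implements that walk against a constructed stand-in for the Cloudflare zones endpoint, so the failure can be reproduced offline. One detail worth checking against your own log: the query carries `account.id=my@mail.com`, which acme.sh fills from `CF_Account_ID`, and Cloudflare's zones filter takes the account identifier rather than an e-mail address; a filter that matches no account returns exactly the empty, successful result seen at every level. The zone list, account id and zone id strings in the script are made up for the demo.

```sh
#!/bin/sh
# Added example, not acme.sh's own code: re-implements the "First detect the
# root zone" walk visible in the dns_cf.sh debug log above, against a
# stand-in for GET /client/v4/zones?name=...&account.id=..., so the failure in
# the log (empty "result" at every level, then "invalid domain") can be
# reproduced offline. The stand-in, the zone list and the ids are constructed.

# Constructed view of what the API would return: "zone:account-id" pairs.
VISIBLE_ZONES="example.com:0123456789abcdef0123456789abcdef"

# cf_zones_query NAME ACCOUNT_ID -> JSON body shaped like the zones endpoint
# (only the parts the walk inspects). The account.id filter is applied the
# way the log's query applies it: a non-matching filter hides the zone even
# when the token could otherwise see it.
cf_zones_query() {
  for z in $VISIBLE_ZONES; do
    name=${z%%:*}; acct=${z#*:}
    if [ "$name" = "$1" ] && { [ -z "$2" ] || [ "$acct" = "$2" ]; }; then
      printf '{"result":[{"id":"zone-id-for-%s","name":"%s"}],"success":true,"errors":[]}\n' "$name" "$name"
      return 0
    fi
  done
  printf '{"result":[],"result_info":{"count":0},"success":true,"errors":[]}\n'
}

# cf_find_root_zone FQDN ACCOUNT_ID -> prints "ROOT_ZONE ZONE_ID" and returns
# 0, or prints "invalid domain" and returns 1. Mirrors the log: query the full
# challenge name, drop the leftmost label after each empty result, stop at "".
cf_find_root_zone() {
  h="$1"
  while [ -n "$h" ]; do
    resp=$(cf_zones_query "$h" "$2")
    # Extract the first zone id; empty when "result":[] came back.
    id=$(printf '%s' "$resp" | sed -n 's/.*"result":\[{"id":"\([^"]*\)".*/\1/p')
    if [ -n "$id" ]; then
      printf '%s %s\n' "$h" "$id"
      return 0
    fi
    case "$h" in
      *.*) h="${h#*.}" ;;   # _acme-challenge.example.com -> example.com -> com
      *)   h="" ;;          # com -> "" : nothing left to try
    esac
  done
  echo "invalid domain"
  return 1
}

# Demo: the same challenge name with the matching account id, then with an
# e-mail address in the account.id filter as in the log above.
cf_find_root_zone "_acme-challenge.example.com" "0123456789abcdef0123456789abcdef"
cf_find_root_zone "_acme-challenge.example.com" "my@mail.com" || true
```

Run it as is to see the two outcomes; then compare with a real `curl -H "Authorization: Bearer $CF_Token" "https://api.cloudflare.com/client/v4/zones?name=example.com"` without any `account.id` filter. If that returns the zone but acme.sh does not find it, the account id filter or the token's zone scope is the thing to fix; if you already know the zone, setting `CF_Zone_ID` (as noted later in this thread) skips the walk entirely.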

Neilpang commented 2 years ago

check your api token. It usually means that your token is wrong.

Widmo commented 2 years ago

I think token is ok, cause if I set domain_id it will work.

IMHO domain_id detection does not work correctly.

BachBWN1007 commented 2 years ago

I think token is ok, cause if I set domain_id it will work.

IMHO domain_id detection does not work correctly.

May I know how to set up domain_id?

tobycm commented 2 years ago

Mine somehow "pterodactyl.example.com" becomes "example.com" then "com" then nothing 0.0

Newest acme.sh

Widmo commented 2 years ago

I think token is ok, cause if I set domain_id it will work. IMHO domain_id detection does not work correctly.

May I know how to set up domain_id?

Sorry, I mean Zone ID:

CF_Zone_ID=

Aonodensetsu commented 1 year ago

Can confirm this is the case for a multi-zone setup. The zone recognized is the first one, instead of the second one, when renewing/issuing the second certificate. The zone recognized matches 1:1 the first zone, instead of the second. This is still an issue on the latest version with --upgrade.

Aonodensetsu commented 1 year ago

Found the bugger - it's not directly a bug with acme.sh, it was that there's a main config where you have a SAVED_CF_Zone_ID and additionally a config per domain, with its own CF_Zone_ID as well, which was set to the wrong value - I don't know when the configuration diverged but my screwing around manually might have been the cause.
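The divergence described in the comment above, a `SAVED_CF_Zone_ID` in the main config and a separate `CF_Zone_ID` in a per-domain config, is easy to miss because only one of them takes effect. The script below is an added example, not acme.sh's own code, that audits which zone id each domain will actually use. Its assumptions come from the comment rather than from acme.sh's source: the main config is `$ROOT/account.conf` holding `SAVED_CF_Zone_ID='...'`, each domain has `$ROOT/<domain>/<domain>.conf` which may hold `CF_Zone_ID='...'`, and a value in the domain config wins over the main config. The two-domain install it builds under a temporary directory, and the zone ids in it, are constructed for the demo.

```sh
#!/bin/sh
# Added example, not acme.sh's own code: audits which CF_Zone_ID a domain will
# actually use when a per-domain config carries its own CF_Zone_ID on top of
# the SAVED_CF_Zone_ID in the main config. Assumptions (taken from the comment
# above, adjust to your install): main config is $ROOT/account.conf with
# SAVED_CF_Zone_ID='...', each domain has $ROOT/<domain>/<domain>.conf with an
# optional CF_Zone_ID='...', and the domain config value wins.

# conf_get FILE KEY -> value of KEY='v' / KEY="v" / KEY=v (empty if absent)
conf_get() {
  [ -f "$1" ] || return 0
  sed -n "s/^$2=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# effective_zone_id ACCOUNT_CONF DOMAIN_CONF -> "<id> domain" | "<id> main" | "- detect"
effective_zone_id() {
  dom=$(conf_get "$2" CF_Zone_ID)
  if [ -n "$dom" ]; then echo "$dom domain"; return 0; fi
  main=$(conf_get "$1" SAVED_CF_Zone_ID)
  if [ -n "$main" ]; then echo "$main main"; return 0; fi
  echo "- detect"   # nothing pinned: dns_cf.sh falls back to root-zone detection
}

# audit_zone_ids ROOT -> one line per domain config: "<domain> <id> <source>"
audit_zone_ids() {
  for conf in "$1"/*/*.conf; do
    [ -f "$conf" ] || continue
    d=$(basename "$conf" .conf)
    echo "$d $(effective_zone_id "$1/account.conf" "$conf")"
  done
}

# Constructed two-zone install for the demo; the ids are placeholders.
DEMO_ROOT=$(mktemp -d)
mkdir -p "$DEMO_ROOT/first.example" "$DEMO_ROOT/second.example"
printf "SAVED_CF_Zone_ID='zone-first'\n" > "$DEMO_ROOT/account.conf"
printf "Le_Domain='first.example'\n" > "$DEMO_ROOT/first.example/first.example.conf"
# second.example was pinned to the first zone's id: this is the line to find.
printf "Le_Domain='second.example'\nCF_Zone_ID='zone-first'\n" \
  > "$DEMO_ROOT/second.example/second.example.conf"

audit_zone_ids "$DEMO_ROOT"
# first.example zone-first main
# second.example zone-first domain
```

Point `audit_zone_ids` at your real acme.sh home to get the same listing for every issued domain; a domain whose id comes from `domain` but equals another zone's id is the stale per-domain value the comment describes, and unsetting it (or correcting it) restores the expected behaviour for that certificate.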