gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

Cannot use dns01 acme.sh provider with Cloudflare #44

Closed xorguy closed 5 months ago

xorguy commented 5 months ago

Hi.

I have set up a Docker container with version 0.18.4 and set a DNS-01 acme.sh provider to use with Cloudflare, and it is failing. The partial log, with redacted credentials, is:

legocerthub | 2024-02-04T23:06:14.926Z debug challenges/provisioning.go:29 unable to add resource for sysadminsquare.com to challenge work tracker; waiting for resource name to become free
legocerthub | 2024-02-04T23:06:19.924Z error dns01acmesh/resources.go:24 acme.sh dns create script std err: [Sun Feb 4 23:06:14 UTC 2024] config file is empty, can not save CF_Token=xxxxxxxxxxx
legocerthub | [Sun Feb 4 23:06:14 UTC 2024] config file is empty, can not save CF_Account_ID=xxxxxxxxxxx
legocerthub | [Sun Feb 4 23:06:14 UTC 2024] config file is empty, can not save CF_Zone_ID=xxxxxxxxxx
legocerthub | [Sun Feb 4 23:06:19 UTC 2024] invalid domain
legocerthub | 2024-02-04T23:06:19.925Z error dns01acmesh/resources.go:27 acme.sh dns create script error: exit status 1
legocerthub | 2024-02-04T23:06:25.115Z error dns01acmesh/resources.go:49 acme.sh dns create script std err: [Sun Feb 4 23:06:25 UTC 2024] invalid domain
legocerthub | 2024-02-04T23:06:25.115Z error dns01acmesh/resources.go:52 acme.sh dns delete script error: exit status 1
legocerthub | 2024-02-04T23:06:25.115Z debug challenges/provisioning.go:65 removed resource for sysadminsquare.com from challenge work tracker
legocerthub | 2024-02-04T23:06:25.115Z debug challenges/provisioning.go:25 added resource for sysadminsquare.com to challenge work tracker
legocerthub | 2024-02-04T23:06:25.115Z error challenges/solver.go:62 challenge solver deprovision failed (exit status 1)

Variables for this provider are set like CF_Token=xxxxxxx

Any idea what can be failing?

gregtwallace commented 5 months ago

Cloudflare has a native integration. I wouldn’t bother with acme.sh.

That said, based on the error it sounds like the authentication method doesn’t have proper access to the domain you’re trying to configure.

xorguy commented 5 months ago

I tried Cloudflare before the acme.sh and it was not working for me, but after reviewing API tokens now it works.

Thanks.
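
The diagnosis in this thread (the token did not have access to the domain) can be checked offline against the zone list a token returns. The following is an added example, not code from Cert Warden or acme.sh: it assumes a JSON body in the shape of Cloudflare's list-zones reply (`GET /client/v4/zones`), which only contains zones the token may access, and `findZone`, `ErrNoZone` and the sample bodies are hypothetical, constructed names and data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample replies: a token scoped to the wrong zone, and one that also sees example.com.
const (
	sampleWrongScope = `{"success":true,"result":[{"id":"constructed-id-1","name":"example.net"}]}`
	sampleAllZones   = `{"success":true,"result":[{"id":"constructed-id-1","name":"example.net"},{"id":"constructed-id-2","name":"example.com"}]}`
)

// zoneList models only the fields this check needs from the reply.
type zoneList struct {
	Success bool                         `json:"success"`
	Result  []struct{ ID, Name string } `json:"result"`
}

// ErrNoZone means the token cannot see any zone that contains the record name.
var ErrNoZone = errors.New("no zone visible to this token covers the name")

// findZone returns the most specific visible zone covering fqdn. It tries the
// full name first, then strips one leading label at a time (never the bare TLD).
func findZone(fqdn string, body []byte) (id, name string, err error) {
	var zl zoneList
	if err = json.Unmarshal(body, &zl); err != nil {
		return "", "", fmt.Errorf("bad zone list: %w", err)
	}
	if !zl.Success {
		return "", "", errors.New("API reported failure (token rejected?)")
	}
	fqdn = strings.ToLower(strings.TrimSuffix(fqdn, "."))
	for cand := fqdn; strings.Contains(cand, "."); cand = cand[strings.Index(cand, ".")+1:] {
		for _, z := range zl.Result {
			if strings.EqualFold(z.Name, cand) {
				return z.ID, z.Name, nil
			}
		}
	}
	return "", "", ErrNoZone
}

func main() {
	fmt.Println(findZone("_acme-challenge.example.com", []byte(sampleWrongScope)))
	fmt.Println(findZone("_acme-challenge.example.com", []byte(sampleAllZones)))
}
```

An `ErrNoZone` result for the challenge record name points at token scope rather than at the DNS provider configuration.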