kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License

Error presenting token #11

Closed crxporter closed 3 years ago

crxporter commented 3 years ago

I've gotten my Cloudflare account set up, got my TLD set up in Cloudflare, set up dynamic DNS via dnsomatic for the UDM-Pro, then finally tried installing your script. It looks awesome but isn't running properly for me.

Any help will be appreciated. My error is:

2020/08/03 20:07:05 [WARN] [www.MYDOMAIN.us] acme: cleaning up failed: cloudflare: failed to find zone MYDOMAIN.us.: ListZonesContext command failed: error from makeRequest: HTTP status 400: content "{\"success\":false,\"errors\":[{\"code\":6003,\"message\":\"Invalid request headers\",\"error_chain\":[{\"code\":6111,\"message\":\"Invalid format for Authorization header\"}]}],\"messages\":[],\"result\":null}" 
2020/08/03 20:07:05 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6298189063
2020/08/03 20:07:05 Could not obtain certificates:
    error: one or more domains had a problem:
[www.MYDOMAIN.us] [www.MYDOMAIN.us] acme: error presenting token: cloudflare: failed to find zone MYDOMAIN.us.: ListZonesContext command failed: error from makeRequest: HTTP status 400: content "{\"success\":false,\"errors\":[{\"code\":6003,\"message\":\"Invalid request headers\",\"error_chain\":[{\"code\":6111,\"message\":\"Invalid format for Authorization header\"}]}],\"messages\":[],\"result\":null}"

Thanks!

kchristensen commented 3 years ago

How do you have your Cloudflare API token set up? This is how I have the one I use configured:

[Screenshot: Cloudflare API token configuration]

crxporter commented 3 years ago

I was using the global token (I know, bad practice, but currently I only plan to use Cloudflare for the UDM).

kchristensen commented 3 years ago

Ah, well, this script doesn't pass the right parameters to Lego to use the global tokens; there's a separate set of variables you need to pass (like CLOUDFLARE_EMAIL) for that to work.

crxporter commented 3 years ago

Ah, OK. So it's best to use an API token. I'll give it another try.

Thanks!

crxporter commented 3 years ago

I'm still getting the same error. Shows the same "invalid request headers" and "invalid format for authorization header" as the error message...

I'm using the API token now, set up the same as your screenshot earlier today.

crxporter commented 3 years ago

Update: Got it working. I had the CERT_HOSTS field wrong so the TLD didn't match the token.

Thanks for your help!
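
An added example, not part of this thread or of udm-le: a preflight check for the two misconfigurations discussed above, a credential of the wrong kind and CERT_HOSTS entries that fall outside the zone the token is scoped to. The credential shapes (40-character scoped token, 37-character hex global key), the comma-separated CERT_HOSTS format, and the names `cred_kind`, `hosts_outside_zone`, `preflight` and the zone argument are assumptions.

```shell
#!/bin/sh
# Added example (not udm-le code). All helper names are hypothetical.

# Classify a Cloudflare credential by shape.
# Assumed shapes: scoped API token = 40 chars of [A-Za-z0-9_-],
#                 global API key   = 37 lowercase hex chars.
cred_kind() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo malformed; return ;;  # empty, quotes, spaces
    esac
    if [ "${#1}" -eq 37 ] && ! printf '%s' "$1" | grep -q '[^0-9a-f]'; then
        echo global_key
    elif [ "${#1}" -eq 40 ]; then
        echo api_token
    else
        echo malformed
    fi
}

# Print every host in a comma-separated list that is neither ZONE itself
# nor a subdomain of ZONE. A leading "*." wildcard label is ignored.
hosts_outside_zone() {
    zone=$1
    printf '%s\n' "$2" | tr ',' '\n' | while read -r host; do
        name=${host#\*.}
        case "$name" in
            "$zone"|*."$zone") ;;          # inside the zone
            *) echo "$host" ;;             # token scoped to ZONE cannot edit this
        esac
    done
}

# usage: preflight CREDENTIAL ZONE CERT_HOSTS
# ZONE is the zone the API token was scoped to when it was created.
preflight() {
    kind=$(cred_kind "$1")
    bad=$(hosts_outside_zone "$2" "$3")
    if [ "$kind" != api_token ]; then
        echo "credential looks like: $kind (expected a scoped API token)"
        return 1
    fi
    if [ -n "$bad" ]; then
        echo "CERT_HOSTS entries outside zone $2: $bad"
        return 1
    fi
    echo ok
}
```

Running `preflight` with the values from the env file before the first certificate request reports a mismatch locally, without a failed ACME authorization.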