cloudflare: some credentials information are missing

remilapeyre / vault-acme

Mozilla Public License 2.0

93 stars 23 forks source link

cloudflare: some credentials information are missing #23

Closed jeromeza closed 2 years ago

jeromeza commented 3 years ago

I can't get Cloudflare to work, I get the below error, this after trying:

#!/bin/bash

export CLOUDFLARE_EMAIL="my@domain.co.za"
export CLOUDFLARE_API_KEY="myglobalapikey"
export CF_API_EMAIL="my@domain.co.za"
export CF_API_KEY="myglobalapikey"

/Users/jerome/Downloads/vault/vault -v write acme/certs/domain.co.za \
    common_name=www.domain.co.za

Failed to validate certificate signing request: cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN

I've tried this as EXPORT vars in my shell, and in a script format above (as I came across a Lego post suggesting this: https://github.com/go-acme/lego/issues/785)

Any ideas - I've tried both sets of variables as shown above...

It simply looks like the vars aren't being passed through to the Lego client?

Thanks!

jeromeza commented 3 years ago

Digging through old commits - around 0.6 iirc I found that there's an added provider_configuration that can be called, which lets you specify the value outside of a shell var, as part of a map.

This seems to work: ./vault write acme/accounts/jerome \ contact=my@domain.co.za \ server_url=https://acme-staging-v02.api.letsencrypt.org/directory \ terms_of_service_agreed=true \ provider=cloudflare \ provider_configuration={CF_API_KEY= myglobalapikey,CLOUDFLARE_EMAIL=my@domain.co.za}

See: https://github.com/remilapeyre/vault-acme/blob/2ae3fc3605ce9c631e5ae018e488a9f6cc3fb041/website/source/api/secret/acme/index.html.md

See: provider_configuration (map of strings: ) - The configuration to use for the DNS provider when not using environment variables.

See: https://github.com/remilapeyre/vault-acme/releases/tag/v0.0.6

Add provider_configuration parameter to override environment variables Closes https://github.com/remilapeyre/vault-acme/issues/19

remilapeyre commented 3 years ago

Hi @jeromeza, only the environment variables of the Vault server can be used to set the configuration of the ACME provider, the environment variables of the Vault client are all ignored.

remilapeyre commented 3 years ago

Using provider_configuration should work if you cannot change the environment variables of the server.

remilapeyre commented 2 years ago

Hi @jeromeza, I will close this issue. If you are still having troubles with setting the configuration please open it again.