tobychui / zoraxy

A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
https://zoraxy.aroz.org
GNU Affero General Public License v3.0

[HELP] Generate wildcard certificate with Cloudflare challenge #215

Closed l0u1sg closed 5 months ago

l0u1sg commented 5 months ago

What happened?

Hello, I am new to this proxy and I am trying to generate a wildcard certificate for my domain using the Cloudflare challenge. Cloudflare is only used for DNS, nothing goes through their proxy. I am a bit lost because it is asking for several keys and I don't necessarily know where to look... Could someone help me and tell me where to find these keys or send me documentation?

Describe what have you tried

I have already tried generating API keys that allow access to the zones, I found my zone ID, but I think it is the AuthKey and AuthToken fields that I cannot find.


yeungalan commented 5 months ago

You may get the Auth Token here

WL: https://dash.cloudflare.com/profile/api-tokens https://go-acme.github.io/lego/dns/cloudflare/

AlliAlliAlli commented 5 months ago

I hate to say it but I'm also confused on the wording here. So the second link you posted lists 4 different env variables. Am I right to assume Zoraxy's variables go in the same order as the ones listed in that link?

AuthEmail = CF_API_EMAIL
AuthKey = CF_API_KEY (aka Global API Key)
AuthToken = CF_DNS_API_TOKEN
ZoneToken = CF_ZONE_API_TOKEN

Is this correct?

yeungalan commented 5 months ago

Yes that's right, @tobychui will you fix the naming issue?

AlliAlliAlli commented 5 months ago

Thanks for confirming, I just wanted to make sure. :)

tobychui commented 5 months ago

> Yes that's right, @tobychui will you fix the naming issue?

Maybe. That is the key used by lego, and mapping them in Zoraxy to be used once during certificate setup seems to involve too much work. Maybe we can fix that after the localization project is ready and treat it as a kind of translation / text rewrite.

AzAel76 commented 5 months ago

Maybe add it to the documentation in the interim. I had similar experiences but figured it out, then ran into further issues due to using CNAMEs pointing to a dynamic DNS service instead of A records. CloudFlare would fail to update the DNS challenge on my domain because it was trying to use or being sent my dynamic DNS domain.

l0u1sg commented 5 months ago

It worked for me, thanks @yeungalan

yeungalan commented 5 months ago

Glad it worked :)

tobychui commented 5 months ago

As this seems to be working, I am closing this help issue. For future visitors, you do not need to fill in all 4 fields for Cloudflare DNS challenge. You only need to fill in the email (AuthEmail) and the global API token (AuthKey) and it will just work.
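
The field mapping confirmed in this thread, as an added example (not code from Zoraxy or lego): a pre-flight check that translates the four form fields into lego's variable names and reports which credential set is complete. `ZoraxyFields` and `LegoEnv` are hypothetical names, and treating `CF_DNS_API_TOKEN` on its own as a complete set is an assumption taken from the lego Cloudflare documentation linked above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ZoraxyFields holds the four values the Cloudflare DNS challenge form asks for.
type ZoraxyFields struct{ AuthEmail, AuthKey, AuthToken, ZoneToken string }

// LegoEnv maps the form fields to lego's variable names (the mapping confirmed
// in the thread) and reports which credential sets are complete.
func LegoEnv(f ZoraxyFields) (map[string]string, []string, error) {
	env := map[string]string{}
	for _, p := range [][2]string{
		{"CF_API_EMAIL", f.AuthEmail}, {"CF_API_KEY", f.AuthKey},
		{"CF_DNS_API_TOKEN", f.AuthToken}, {"CF_ZONE_API_TOKEN", f.ZoneToken},
	} {
		if v := strings.TrimSpace(p[1]); v != "" {
			env[p[0]] = v // copy only fields that were actually filled in
		}
	}
	var modes []string
	if env["CF_API_EMAIL"] != "" && env["CF_API_KEY"] != "" {
		modes = append(modes, "global-api-key") // the pair named in the closing comment
	}
	if env["CF_DNS_API_TOKEN"] != "" {
		modes = append(modes, "api-token") // assumption: per lego's Cloudflare docs
	}
	if len(modes) == 0 {
		return nil, nil, errors.New("incomplete: fill AuthEmail+AuthKey, or AuthToken")
	}
	return env, modes, nil
}

func main() {
	// Constructed sample values, not real credentials.
	_, modes, err := LegoEnv(ZoraxyFields{AuthEmail: "admin@example.com", AuthKey: "0123abcd"})
	fmt.Println(modes, err) // [global-api-key] <nil>
	_, _, err = LegoEnv(ZoraxyFields{ZoneToken: "zone-only"})
	fmt.Println(err)
}
```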