Issues with cloudflare

https://pastebin.com/E9LtykFW
^^ SYSTEMD/JOURNALCTL STATUS^^

https://pastebin.com/20tV0QD9
My systemd file

https://pastebin.com/jzBJqbrY
Systemd enviroment file

API key permissions

Any clue what im doing wrong? I do beleive it is the permissions on the API key

EDIT: Yes, I have the tls.cloudlfare plugin
EDIT: https://pastebin.com/uLd1kjUe < CADDYFILE

The error Cloudflare is returning is: Invalid format for X-Auth-Key header

Ensure you’ve got the API key correct.

I litterally copy/paste

and it works

root@vps701904:~# curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify"      -H "Authorization: Bearer <API_KEY>"      -H "Content-Type:application/json"
{"result":{"id":"<redacted>","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}

using the same api key

Couldn’t replicate the issue.

➜ caddy -version
Caddy v1.0.1 (h1:oor6ep+8NoJOabpFXhvjqjfeldtw1XSzfISVrbfqTKo=)

➜  env CLOUDFLARE_EMAIL=[snip] CLOUDFLARE_API_KEY=[snip] caddy -agree -log stdout -host whitestrake.net "tls {" "dns cloudflare" "}"
2019/07/18 15:33:34 [INFO][cache:0xc0000aa410] Started certificate maintenance routine
Activating privacy features... 2019/07/18 15:33:44 [INFO] Certificate for [whitestrake.net] expires in 334h4m3.275175s; attempting renewal
2019/07/18 15:33:46 [INFO] [whitestrake.net] acme: Trying renewal with 334 hours remaining
2019/07/18 15:33:46 [INFO] [whitestrake.net] acme: Obtaining bundled SAN certificate
2019/07/18 15:33:48 [INFO] [whitestrake.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/uZUpepRcIlgAwv7aoJ4tSlZa7Sn1bgzNhJD1JwG5-FQ
2019/07/18 15:33:48 [INFO] [whitestrake.net] acme: Could not find solver for: tls-alpn-01
2019/07/18 15:33:48 [INFO] [whitestrake.net] acme: Could not find solver for: http-01
2019/07/18 15:33:48 [INFO] [whitestrake.net] acme: use dns-01 solver
2019/07/18 15:33:48 [INFO] [whitestrake.net] acme: Preparing to solve DNS-01
2019/07/18 15:33:49 [INFO] cloudflare: new record for whitestrake.net, ID da4b06f9c79b8e0d90f694422134dad0
2019/07/18 15:33:49 [INFO] [whitestrake.net] acme: Trying to solve DNS-01
2019/07/18 15:33:49 [INFO] [whitestrake.net] acme: Checking DNS record propagation using [10.0.0.1:53]
2019/07/18 15:33:49 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2019/07/18 15:33:49 [INFO] [whitestrake.net] acme: Waiting for DNS record propagation.
2019/07/18 15:33:51 [INFO] [whitestrake.net] acme: Waiting for DNS record propagation.
2019/07/18 15:33:54 [INFO] [whitestrake.net] acme: Waiting for DNS record propagation.
2019/07/18 15:33:57 [INFO] [whitestrake.net] The server validated our request
2019/07/18 15:33:57 [INFO] [whitestrake.net] acme: Cleaning DNS-01 challenge
2019/07/18 15:33:58 [INFO] [whitestrake.net] acme: Validations succeeded; requesting certificates
2019/07/18 15:34:00 [INFO] [whitestrake.net] Server responded with a certificate.
done.

If it is related to API key permissions, you might need to sort that out with Cloudflare.

1 Like

If I remember correctly, the requirement to have ‘Bearer’ in the authorization header is new and part of Cloudflare’s API key limited permissions beta, so the CF DNS plugin may not be sending ‘Bearer’.