Problem with Cloudflare authentication

I am creating a wildcard cert using dns-01 authentication for Cloudflare DNS. I created the CloudFlare API per the instructions here: Cloudflare DNS | Certify The Web Docs

And I tested it in the Stored Credentials and it looks good.

But when I run the test for the certificate, I get this error:

Cloudflare DNS API :: Could not add dns record _acme-challenge-test.mydomain.net to zone 467cretry56565c43a7cc82fe. Result: Forbidden - {"success":false,"errors":[{"code":10000,"message":"Authentication error"}]}

Can someone please help me?
Thank you

Hi,

When you use the Cloudflare DNS provider for DNS validation you will need to set up your API token to have both Read and Edit permissions in Cloudflare for the DNS zone (domain) you want to work with. This error suggests it either cannot read or, more likely, cannot write to that zone. The “Test” option of the Stored Credentials settings UI performs a DNS zone list lookup (read).

You should also check whether you set up a global API key or an API Token (this is a distinction Cloudflare have because they started by offering global API keys, then introduced the more fine-grained API Tokens). You can replace the Cloudflare credentials using the Replace option. API Tokens are better for security but have to be assigned specific permissions.

On your managed certificate itself check you have set the Zone ID (click the … and a dropdown of zones will appear, select the one that matches your domain). Then click “Test” in that UI and it will try to create and delete a test DNS record in that zone. If it cannot then the credentials selected do not have the required permission in Cloudflare.
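The two checks described in the reply (a zone list for read, a create-and-delete of a `_acme-challenge-test` TXT record for write) can be run by hand as a pre-flight test of a token. This is an added example, not Certify The Web's own code; it assumes a Cloudflare API Token (Bearer auth) and the public Cloudflare v4 endpoints, and `transport` is a hypothetical injectable HTTP function so the logic can be exercised offline.

```python
import json
import urllib.error
import urllib.request

API = "https://api.cloudflare.com/client/v4"


def http_json(method, url, token, body=None):
    """Default transport: a real Cloudflare v4 API call via urllib."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        return json.load(e)  # Cloudflare returns a JSON envelope on 403 as well


def explain(result):
    """Map a Cloudflare API envelope to a short diagnosis."""
    if result.get("success"):
        return "ok"
    errors = result.get("errors", [])
    if any(e.get("code") == 10000 for e in errors):
        # Code 10000 is the "Authentication error" seen in the thread: the token
        # is not accepted for this operation on this zone (missing permission).
        return "authentication error: token lacks permission for this operation"
    return "failed: " + "; ".join(e.get("message", "") for e in errors)


def preflight(token, zone_id, domain, transport=http_json):
    """Read check (zone list), then write check (create + delete a TXT record)."""
    report = {"read": explain(transport("GET", f"{API}/zones", token))}
    name = f"_acme-challenge-test.{domain}"
    created = transport("POST", f"{API}/zones/{zone_id}/dns_records", token,
                        {"type": "TXT", "name": name, "content": "preflight", "ttl": 120})
    report["write"] = explain(created)
    if created.get("success"):
        rec_id = created["result"]["id"]  # clean up the test record again
        report["delete"] = explain(
            transport("DELETE", f"{API}/zones/{zone_id}/dns_records/{rec_id}", token))
    return report
```

A token with only `Zone > DNS > Read` passes the read check and fails the write check, which is exactly the split the Stored Credentials test versus the certificate test shows.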

Thanks for your help. My mistake was that when I followed these instructions, Cloudflare DNS | Certify The Web Docs, I forgot to do this step:

Add Zone > DNS > Edit