I’m fairly new to LetsEncrypt and I’m trying to build a certificate generation function to provide a cert for my Palo Alto firewall using the Certbot command with not much luck.

I have a VM running Debian to use for this and I’ve installed the following:


I’ve generated an API token on Cloudflare and created a .cloudflare.ini file containing my email address (Email associated with my Cloudflare account) and the global key in this format:

dns_cloudflare_email = [email address]
dns_cloudflare_api_key = [global api key]

I’ve run this to add the creds of my firewall

panxapi.py -h [Management IP of my PAN firewall] -l [firewall username]:'[firewall password]' -k >> ~/.panrc

However, when I try to run the initial configuration using Certbot…

/home/[my local user]/.cloudflare.ini -d *.[my debian vm hostname].local --preferred-challenges dns-01

I get this error:

/home/aled/ .cloudflare.ini: line 1: dns_cloudflare_email: command not found
/home/aled/ .cloudflare.ini: line 2: dns_cloudflare_api_key: command not found

What am I doing wrong?

Thanks in advance


You seem to be trying to execute the configuration file instead of the certbot executable and it then tries to execute the configuration parameters in it. That can’t work. You need to pass the configuration file as argument to the executable. The certbot-dns-cloudflare documentation has more.

Though, this is not strictly a Cloudflare related question, so https://community.letsencrypt.org would be a better place for details.

Thanks for the speedy response Sandro

Should it look more like this:

cloudflare-credentials /home/[my local user]/.cloudflare.ini -d *.[my debian vm hostname].local --preferred-challenges dns-01

When I run that it gives me this error:

bash: cloudflare-credentials: command not found

Is that due to a missing plugin or something?

Thanks again


I am not sure what “cloudflare-credentials” is but your shell doesn’t either 🙂

You need to check out the documentation and follow the instructions on how to call the executable. If something is not clear it is best to clarify it at the mentioned forum, for here it would be a bit off topic.

Alternatively, you can also look into Cloudflare’s own Origin certificates

Only thing, they only work in a proxied context, but using Cloudflare you’ll be most likely using the proxies anyhow.
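Both of Sandro's replies make the same point: certbot is the executable and the .cloudflare.ini file is an argument to it, never something the shell runs. The script below is an added illustration, not from this thread or from certbot's own documentation: it writes a credentials file in the format the plugin parses, checks the file the way certbot would complain about it, and builds the certbot call. The `$HOME/.cloudflare.ini` path, the `*.example.internal` domain and the `RUN_CERTBOT` switch are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: certbot is the executable, the ini file
# is only an argument to it. Paths/domain below are assumed placeholders.

CREDS="${CREDS:-$HOME/.cloudflare.ini}"
# Must be a public name inside the Cloudflare zone (placeholder here).
DOMAIN="${DOMAIN:-*.example.internal}"

# Write a credentials file in the plugin's key = value format. A scoped API
# token (Zone:DNS:Edit on one zone) is preferable to the global key.
write_creds() {
  file="$1"; token="$2"
  ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$file" )
  chmod 600 "$file"   # certbot warns on files readable by other users
}

# Reject the mistakes seen in the thread: a missing file, loose permissions,
# or content that is not the key = value pairs the plugin parses.
check_creds() {
  file="$1"
  [ -f "$file" ] || { echo "missing: $file"; return 1; }
  case "$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")" in
    600|400) ;;
    *) echo "permissions too open on $file"; return 1 ;;
  esac
  grep -Eq '^dns_cloudflare_api_token *= *[A-Za-z0-9_-]+$' "$file" && return 0
  grep -Eq '^dns_cloudflare_email *= *[^ ]+$' "$file" &&
    grep -Eq '^dns_cloudflare_api_key *= *[0-9a-f]+$' "$file" && return 0
  echo "no usable credentials in $file"; return 1
}

# The invocation the asker was missing: the file goes after
# --dns-cloudflare-credentials, it is never executed on its own.
certbot_cmd() {
  echo "certbot certonly --dns-cloudflare --dns-cloudflare-credentials $1" \
       "--preferred-challenges dns-01 -d '$2'"
}

# Only issue for real when RUN_CERTBOT=1, so the file is safe to source.
if [ "${RUN_CERTBOT:-0}" = 1 ]; then
  check_creds "$CREDS" && sh -c "$(certbot_cmd "$CREDS" "$DOMAIN")"
fi
```

Run it with `RUN_CERTBOT=1 CREDS=/path/to/.cloudflare.ini DOMAIN=your.zone.name sh script.sh` once the file has been written; without `RUN_CERTBOT=1` it only defines the helpers.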

Thanks for your help Sandro. It is appreciated. I’m pretty new to this type of thing, so it’s been a steep learning curve!

The guidance I’ve followed led me to use Cloudflare for DNS, whereas in the past I had used AWS - Route 53 for a similar function. All I really need is a cert for my Palo Alto VPN portal at the moment, but having the means to generate certs would be very useful for future projects.

I will pursue the LetsEncrypt avenue as you suggested

Thanks again


Using Cloudflare just for DNS is a bit of an overkill. One typically uses Cloudflare for its proxy features, but of course you can use it for just DNS as well.

If you want to stick with Lets Encrypt you might also want to check out GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol as that is a bit easier than certbot, but of course that’s mostly a preference thing.

