Cfca getcert does not take in api key file


I am trying to use cfca getcert from to generate
server-side certificates using the following code:

  local __dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # dir no slash
  local apiKeyFile="${__dir}/$2" hostnames="$1"
  local crtOut="${__dir}/cert.crt"
  local keyOut="${__dir}/cert.key"

  cfca getcert \
    -hostnames "${hostnames}" \
    -certificate-out "$crtOut" \
    -key-out "${keyOut}" \
    -api-file-key "${apiKeyFile}"

installCertificates 'sld.tld' 'api.key'

Result(s) when using the option -api-key-file

  • proper path to file only containing the User-Service-Key
2018/08/15 14:31:18 [INFO] generate received request
2018/08/15 14:31:18 [INFO] received CSR
2018/08/15 14:31:18 [INFO] generating key: rsa-2048
2018/08/15 14:31:18 [INFO] encoded CSR
Cloudflare Certificate API Token:
2018/08/15 14:31:22 [FATAL] Could not obtain API token.

What structure does the key file need to have or is there something else we are doing wrong?

Our current functioning work around is to export the environment variable CF_API_KEY, set to the contents of the api key file, prior to calling cfca and subsequently unsetting it but this is not preferable.

same here.

it would be nice if the format of the -api-key-file is documented somewhere.