Error determining zone_id: 10104 Max auth failures

I am trying to use DNS auth plugin for certbot. Recently started getting “Error determining zone_id: 10104 Max auth failures.” And I can’t find any information about the error. I’ve changed the key, its correct.

I am also trying to rewnew domains that are not in my account but I have Administrator access to, invited as Admin.

The funniest thing is that out of 12 domains it renewed the second one it attempted this morning.

Any clues ?

Have you checked if all credentials are in order? That error message would suggest some authentication attempt failed more than once.

Looking through source code exception is from inside function _find_zone_id which tries to Find the zone_id for a given domain using CF API:

try:
    ...
except Cloudflare.exceptions.CloudflareAPIError as e:
    ...

    raise errors.PluginError('Error determining zone_id: {0} {1}. Please confirm that '
        'you have supplied valid Cloudflare API credentials.{2}'
        .format(code, e, ' ({0})'.format(hint) if hint else ''))

So certbot failed to find the zone_id for your domain because of API error (e in code) but I cannot find more info on error code 10104 in API documentation.

3 Likes

Actually plain curl requests to https://api.cloudflare.com/client/v4/zones is returning:
{“success”:false,“errors”:[{“code”:10104,“message”:“Max auth failures. Please wait”}],“messages”:,“result”:null}

And I am unable to find any info about that.

Yes, wrong credentials, return different error.

Have you changed the credentials at any given point? Maybe you have the correct ones now but used wrong ones before and hence still have a temporarily suspended account.

I would open a support ticket. Support should be able to clarify this best.

I’ve changed them after getting this error. Also gave it few hours before trying again, as the message says “Please wait.”.
Thanks!
I will contact the support team.

I’ve narrowed it down to my IP being limited. The support is still silent. Any clues ?

Post the ticket number here.

Ticket number is 1688231, Thanks!

@cloonan

2 Likes

Thank you, I see the ticket and added myself to it.

1 Like

Hi @boian.mihailov, assuming there are no errors with your auth email and auth key, can you share the output of https://api.cloudflare.com/cdn-cgi/trace from the location you are running these API requests?

Hey @cloonan, yes the auth details are correct. Same curl call works well on my workstation. Here is the output:
fl=21f193
h=api.cloudflare.com
ip=2a01:7e00::f03c:91ff:fe88:5f45
ts=1558371222.263
visit_scheme=https
uag=curl/7.47.0
colo=LHR
http=http/1.1
loc=GB
tls=TLSv1.2
sni=plaintext
warp=off

1 Like

Perfect, thank you. I’ve added that detail to the ticket and I see that the engineer has escalated it appropriately.

1 Like

Thanks a lot for helping out.

Same thing here, @boian.mihailov, здравей.

I cannot use the Cloudflare API, maybe that can be escalated in some way?

Same for me - in this thread Getting 429 Too Many Requests on api cache clear calls - #2 by petetak

1 Like

I’ve got support ticket opened and waiting for the team to reply. They are already investigating the issue. In my case I believe I triggered a protection mechanism.

1 Like

@petetak notice we are in the same ipv6 subnet 2a01:7e00::f03c:91ff:fe ?