Error determining zone_id: 10104 Max auth failures

#1

I am trying to use DNS auth plugin for certbot. Recently started getting “Error determining zone_id: 10104 Max auth failures.” And I can’t find any information about the error. I’ve changed the key, its correct.

I am also trying to rewnew domains that are not in my account but I have Administrator access to, invited as Admin.

The funniest thing is that out of 12 domains it renewed the second one it attempted this morning.

Any clues ?

#2

Have you checked if all credentials are in order? That error message would suggest some authentication attempt failed more than once.

#3

Looking through source code exception is from inside function _find_zone_id which tries to Find the zone_id for a given domain using CF API:

try:
    ...
except CloudFlare.exceptions.CloudFlareAPIError as e:
    ...

    raise errors.PluginError('Error determining zone_id: {0} {1}. Please confirm that '
        'you have supplied valid Cloudflare API credentials.{2}'
        .format(code, e, ' ({0})'.format(hint) if hint else ''))

So certbot failed to find the zone_id for your domain because of API error (e in code) but I cannot find more info on error code 10104 in API documentation.

3 Likes
#4

Actually plain curl requests to https://api.cloudflare.com/client/v4/zones is returning:
{“success”:false,“errors”:[{“code”:10104,“message”:“Max auth failures. Please wait”}],“messages”:,“result”:null}

And I am unable to find any info about that.

#5

Yes, wrong credentials, return different error.

#6

Have you changed the credentials at any given point? Maybe you have the correct ones now but used wrong ones before and hence still have a temporarily suspended account.

I would open a support ticket. Support should be able to clarify this best.

#7

I’ve changed them after getting this error. Also gave it few hours before trying again, as the message says “Please wait.”.
Thanks!
I will contact the support team.

#8

I’ve narrowed it down to my IP being limited. The support is still silent. Any clues ?

#9

Post the ticket number here.

#10

Ticket number is 1688231, Thanks!

#11

@cloonan

2 Likes
#12

Thank you, I see the ticket and added myself to it.

1 Like
#13

Hi @boian.mihailov, assuming there are no errors with your auth email and auth key, can you share the output of https://api.cloudflare.com/cdn-cgi/trace from the location you are running these API requests?

#14

Hey @cloonan, yes the auth details are correct. Same curl call works well on my workstation. Here is the output:
fl=21f193
h=api.cloudflare.com
ip=2a01:7e00::f03c:91ff:fe88:5f45
ts=1558371222.263
visit_scheme=https
uag=curl/7.47.0
colo=LHR
http=http/1.1
loc=GB
tls=TLSv1.2
sni=plaintext
warp=off

1 Like
#15

Perfect, thank you. I’ve added that detail to the ticket and I see that the engineer has escalated it appropriately.

1 Like
#16

Thanks a lot for helping out.

#17

Same thing here, @boian.mihailov, здравей.

I cannot use the CloudFlare API, maybe that can be escalated in some way?

#18

Same for me - in this thread Getting 429 Too Many Requests on api cache clear calls

1 Like
#19

I’ve got support ticket opened and waiting for the team to reply. They are already investigating the issue. In my case I believe I triggered a protection mechanism.

1 Like
#20

@petetak notice we are in the same ipv6 subnet 2a01:7e00::f03c:91ff:fe ?