Minimum permissions required for letsencrypt certbot

I am using cerbot - with the “–dns-cloudflare” plugin in order to use DNS verification to generate certificates.

I tried setting up a new API Token (not API Key) with edit zone permissions to the domain that I am using, however this does not work. When I put in my Global API Key - that works.

This seems somewhat insecure considering this key has access across my entire account.

Can anything be done to make certbot work with a API Token that is specific to that domain that I am trying to get a certificate for?

The issue has been reported to certbot team

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.