Minimum permissions required for letsencrypt certbot

I am using cerbot - with the “–dns-cloudflare” plugin in order to use DNS verification to generate certificates.

I tried setting up a new API Token (not API Key) with edit zone permissions to the domain that I am using, however this does not work. When I put in my Global API Key - that works.

This seems somewhat insecure considering this key has access across my entire account.

Can anything be done to make certbot work with a API Token that is specific to that domain that I am trying to get a certificate for?

The issue has been reported to certbot team


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Certbot API tokens have been approved, slated for v1.2.0