Failed to validate requested hostname identity.sandbox.limepay.com.au: This zone is either not part of your account, or you do not have access to it. Please contact support if using a multi-user organization
What is the issue you’re encountering
Cloudflare seem to be confused by our account. We have some free sites, but also some Pro (including this one) and Business sites. When I raised a ticket on this issue selecting the pro site limepay.com.au
What steps have you taken to resolve the issue?
I raised a support ticket twice but each time I get an auto-response from Cloudflare saying I should upgrade to Pro or Business to raise tickets.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Strict (SSL-Only Origin Pull)
What are the steps to reproduce the issue?
We use Cloudflare origin ca issuer to generate certificates for our K8 services. This failed for one of our services recently with this error:
Failed to sign certificate request: unable to sign request: Cloudflare API Error code=1010 message=Failed to validate requested hostname identity.sandbox.limepay.com.au: This zone is either not part of your account, or you do not have access to it. Please contact support if using a multi-user organization.
The case number for the original ticket is 01124686. The second ticket is 01134252
We are using Advanced Certificate Manager to take advantage of Cloudflare WAF and CDN support. We set up the certification packs using Terraform. We have something like 20 sub-domains set up this way, and this is the only sub-domain where auto-renewal of the internal certificate failed.
The domains on Cloudflare are set up to achieve an A+ SSL rating on the SSL Labs test, plus some other headers to achieve PCI compliance:
For services proxied via Cloudflare and subject to double TLS termination, we annotate the Ingress resource to use origin-ca Issuer which will automatically generate a Kubernetes TLS secret via cert-manager (using DNS validation).