srvrco/getssl

Cloudflare DNS incorrectly handles multi-domain when using two API keys/tokens

Mailstorm-ctrl opened this issue · 4 comments

Describe the bug
When the base getssl.conf file uses an API TOKEN instead of an API KEY, any domain-specific getssl.conf will be ignored if the domain-specific getssl.conf file uses an API KEY.

To Reproduce
Have a multi-domain tenant in Cloudflare (Domain 1 & Domain 2)

  1. In the base "template" getssl.conf file, use the CF_API_TOKEN and CF_ZONE_ID variables that target domain 1.
  2. In a domain specific getssl.conf file, use CF_EMAIL and CF_KEY instead
  3. In the domain specific getssl.conf file, add Domain 2 to the SANS section
  4. Run getssl

Expected behavior
I expect CF_EMAIL and CF_KEY to be used over CF_API_TOKEN and CF_ZONE_ID if present in a domain specific getssl

Operating system (please complete the following information):

  • OS: Debian 11
  • Bash Version: version 5.1.4(1)-release (x86_64-pc-linux-gnu)

Additional context
Honestly, I'm not entirely sure how to correct this without an additional export in the conf file to specify which key/token to use. I'm mostly putting this out there so if someone else runs into this use case they can find the reason why here.

Hi @Mailstorm-ctrl

I've only just found time to look at this, could you put something like:
CF_API_TOKEN=
into the domain specific getssl.conf file so the variable is cleared and the API KEY is used for Domain 2?

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

Super late but yes, just setting the vars to "" worked.

Thank you!

@Mailstorm-ctrl thanks for letting me know it worked!
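
The layering behaviour discussed in this thread, as an added example that is not part of the original issue and not getssl's own code: it sources a base and a domain config in a subshell and reports which Cloudflare credential ends up in effect. The function names, file names and credential values are constructed, and the token-over-key precedence is assumed from the behaviour reported above.

```shell
#!/bin/sh
# Simplified model of the layering described in this issue; not getssl's code.
# Assumptions: the base file is sourced first, the domain file second, and the
# Cloudflare DNS hook uses CF_API_TOKEN whenever it is non-empty.
# Note: sourcing a config file executes it, so only point this at trusted files.

# effective_cf_auth BASE_CONF DOMAIN_CONF
# Prints the credential type that would be selected: token, key or none.
# Returns 2 when a token and a key are both set after layering, which is the
# state where the domain file's key is silently ignored.
effective_cf_auth() (
  unset CF_API_TOKEN CF_ZONE_ID CF_EMAIL CF_KEY
  . "$1"
  . "$2"
  if [ -n "${CF_API_TOKEN:-}" ]; then
    echo token
    [ -z "${CF_KEY:-}" ] || exit 2
  elif [ -n "${CF_EMAIL:-}" ] && [ -n "${CF_KEY:-}" ]; then
    echo key
  else
    echo none
  fi
)

# write_samples DIR: constructed config files with placeholder credentials.
write_samples() {
  printf '%s\n' 'CF_API_TOKEN="constructed-token-domain1"' \
                'CF_ZONE_ID="constructed-zone-domain1"' > "$1/base.conf"
  # Domain file as in the report: sets the key, token is inherited from base.
  printf '%s\n' 'CF_EMAIL="admin@example.com"' \
                'CF_KEY="constructed-key-domain2"' > "$1/domain_reported.conf"
  # Domain file with the workaround from the thread: clear the inherited vars.
  printf '%s\n' 'CF_API_TOKEN=' 'CF_ZONE_ID=' 'CF_EMAIL="admin@example.com"' \
                'CF_KEY="constructed-key-domain2"' > "$1/domain_cleared.conf"
}

SAMPLES=$(mktemp -d)
write_samples "$SAMPLES"
for f in domain_reported.conf domain_cleared.conf; do
  rc=0
  auth=$(effective_cf_auth "$SAMPLES/base.conf" "$SAMPLES/$f") || rc=$?
  echo "$f -> $auth (rc=$rc)"
done
```

A non-zero return can gate a pre-run check, so a domain file that still inherits the base token is caught before a certificate request is made with the wrong credential.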