I’ve disabled my firewall trying to make this work but not sure how to diagnose this further. There is no .htaccess that I’m aware about in nextcloud that would be blocking this. The logs show that the cpu/ram have been fine and nothing is overloaded as per their troubleshooting page Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs
When I run the command
‘’’ Shell
CLOUDFLARE_EMAIL=example@gmail(dot)com
CLOUDFLARE_DNS_API_TOKEN=*****************************
lego --dns cloudflare --domains example.com --email example@gmail.com run
‘’’
Everything runs fine. I manually added the Global API but since switched to API Token with DNS-configrules/dynamic redirect/zone settings/SSL certs/DNS-(all set to edit). Not opposed to using the global API, but just trying to diagnose the problem.
The IP that cloudflare DNS example.com is pointing to with Type A is from the command below. All name servers are working properly.
‘’’ Shell
curl ifconfig.co
‘’’
I’ve changed the Cloudflare “Always use HTTPS” on/off (currently off).
Did you forget to mention the actual issue in your post? I at least was not able to find it besides “Everything just runs fine”.
I’m using Cloudflare DNS to get ACME certificates, too. The key has “Edit Zone DNS” permissions for the respective domain. Could probably be locked down more, but it’s for an internal domain for my homelab, so whatever. Using security.acme instead of manually calling a client and things work just smoothly. Here is the configuartion
Oh I did forget to mention the issue. It’s a 522 Connection problem. I was wondering if I’m messing it up on the security.acme.EnvironmentFile which leads to a file with no extension and something like:
‘’‘’ CLOUDFLARE_EMAIL=example@gmail.com
CLOUDFLARE_API_KEY=******************************
lego --dns cloudflare --domains www.example.com --email example@gmail.com run
‘’‘’
It says that 522 error is a time out and tried to traceroute but i’m not an expert at this and first time doing all this. The bash command above works if i run it in the terminal but I didn’t create it as an actual bash script but notice when I do that there is no difference?
Maybe my issue is with the Type A IP that I’m putting in? Is that how to correctly to in my public IP? curl ifconfig.co
I modified my config to be similar to yours and still throwing the same errors. Here’s what the terminal is showing me:
Feb 17 12:08:45 jimsimons acme-ow0w.com-start[140294]: + cmp -s domainhash.txt certificates/domainhash.txt
Feb 17 12:08:45 jimsimons acme-ow0w.com-start[140294]: + lego --accept-tos --path . -d example.com --email example@gmail.com --key-type ec256 --dns cloudflare --dns.resolvers 1.1.1.1:53 -d ‘*.example.com’ run
Feb 17 12:08:46 jimsimons acme-ow0w.com-start[140318]: 2024/02/17 12:08:46 cloudflare: some credentials information are missing: CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN
Feb 17 12:08:46 jimsimons acme-ow0w.com-start[140294]: + echo Failed to fetch certificates. This may mean your DNS records are set up incorrectly.
Feb 17 12:08:46 jimsimons acme-ow0w.com-start[140294]: Failed to fetch certificates. This may mean your DNS records are set up incorrectly.
Feb 17 12:08:46 jimsimons acme-ow0w.com-start[140294]: + exit 10
Feb 17 12:08:46 jimsimons systemd[1]: acme-ow0w.com.service: Main process exited, code=exited, status=10/n/a
Feb 17 12:08:46 jimsimons systemd[1]: acme-ow0w.com.service: Failed with result ‘exit-code’.
Feb 17 12:08:46 jimsimons systemd[1]: Failed to start Renew ACME certificate for example.com.