Unable to create certificates for wildcard domains

What is the name of the domain?
veryown.in

What is the error message?
while attempting to find Zones for domain _acme-challenge.veryown.in. while querying the Cloudflare API for GET /zones?name=_acme-challenge.veryown.in” Error: 9109: Max auth failures reached, please check your Authorization header.

What is the issue you’re encountering
I am trying to create a certificate using Cloudflare, cert-manager and Let's Encrypt on my Kubernetes cluster, but any time I try to create the certificate for a wildcard domain it returns the error as mentioned. It works properly if I use “veryown.in” but fails for *.veryown.in

What steps have you taken to resolve the issue?
Created multiple tokens with recommended settings.

Cloudflare configuration -
zones - All zones - DNS:Read, DNS:Edit
Records - veryown.in, .veryown.in

What feature, service or problem is this related to?
DNS records

What are the steps to reproduce the issue?
In Kubernetes,

create a ClusterIssuer and a cert-manager object

```
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: adhirajkkinlekar@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory # Use the production Let’s Encrypt server
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
        selector:
          dnsZones:
            - veryown.in
```


```
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: veryown-in-tls
  namespace: default
spec:
  secretName: veryown-in # Specifies where the certificate must be stored after it is obtained by the cert manager
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: veryown.in # Only include the top-level domain
  dnsNames:
    - veryown.in
    - "*.veryown.in"
```

Create the token:

```
kubectl create secret generic cloudflare-api-token-secret \
  --from-literal=api-token=<token>
```