Let's Encrypt add-on wild card certs not working

Tags: #<Tag:0x00007f7397a4a198>

I’m trying to get wildcard certs working in the Let’s Encrypt add-on ver 4.10.0 using dns-cloudflare and cloudflare_api_token. Using ha.mydomain.com in the configuration creates the certs correctly. If I enter *.mydomain.com as shown in the docs, I get Invalid YAML:

email: [email protected]
  - *.mydomain.com
certfile: fullchain.pem
keyfile: privkey.pem
challenge: dns
  provider: dns-cloudflare
  cloudflare_email: [email protected]
  cloudflare_api_token: QN6R-wL_kpD

1 Like

EDIT: error message below was because I had the wrong option (key vs token). It worked by escaping the domain with ’ => - ‘*,mydomin’

I just ran into the same problem.
I’ve tried:
Escaped the string with ’ and "
Modifed the POST-request to include the * (skipping the frontend validation)

Both cases the option gets saved as:

 $ ha addons info core_letsencrypt
 - '*.mydomain.com'

When I run the addon I get the following error:

Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.7.1)

Which I guess is because the domain is set to ‘*.mydomain.com’ instead of *.mydomain.com ?

Thanks @ekurin, I had just figured it our myself. Using

 - '*.mydomain.com'

now works fine for me and I get the wildcard cert. For your error, make sure that you are using cloudflare_api_token: and not cloudflare_api_key:
There is more infor about the error here: https://github.com/home-assistant/hassio-addons/issues/1221