[GH-ISSUE #1283] Cloudflare DNS not finding zone #7835

Closed
opened 2026-03-12 22:59:11 +03:00 by kerem · 8 comments

Originally created by @Glujaz on GitHub (Aug 2, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1283

Describe the bug
I am trying to generate an SSL certificate within nginx ui.
I created the dns credentials and ACME user. When issuing a certificate, I get an error that it can not find the correct zone :

obtain cert error: error: one or more domains had a problem: [*.glujaz.fr] [*.glujaz.fr] acme: error presenting token: cloudflare: failed to find zone fr.: zone could not be found [glujaz.fr] [glujaz.fr] acme: error presenting token: cloudflare: failed to find zone fr.: zone could not be found

(real domain name replaced)
The token is valid, otherwise I would have gotten an error (already tested with a bad token), and the zone exists under glujaz.fr and is readable and modifiable as per cloudflare API token settings.

I even made a fresh reinstall on a dedicated LXC container to be sure that it was not my configuration

I have the feeling it is not sending the correct domain chain to the command which executes the certificates (which I understood, is not Certbot)

To Reproduce

This is what I did on the temporary, newly created install

Create a new LXC container with debian 12.
Execute:

```
apt update
apt upgrade
apt install nano curl nginx
bash -c "$(curl -L https://cloud.nginxui.com/install.sh)" @ install
```

finish the configuration of nginx (user = admin, password=adminadmin)

On cloudflare, log in, go to account, and API Token.
Create a new one, rename it "Nginx UI"
Set rules:
Authorization : Zone, DNS, Modify
Resources of the zone : include, all zones

Then, get the token key
(Cloudflare is not in English, maybe my translations are wrong)

in nginx ui freshly installed:

Acme User, create a new one : type a describing name, and an email, leave the rest as default

DNS credentials: add
Type is describing name
Set cloudflare
put the token key in "CF_DNS_API_TOKEN" (though CLOUDFLARE_DNS_API_TOKEN seems to also work)

save and go to certificates list, and issue certificate

Set wildcard (the problem is the same also for a specific domain)
Set domain name : glujaz.fr (*. is added by nginx UI)
key type as default (EC256)
Acme user : select the unique one, just created
DNS provider : Cloudflare
Credentials : select the unique one, just created

Don't change anything else, and hit next

Expected behavior
Nginx UI finds the glujaz.fr zone, does the TXT change, and obtains the certificate

Info (please complete the following information):

  • Server OS:Debian 12 (LXC)
  • Server Arch: x86
  • Nginx UI Version: 2.1.14
  • Your Browser: Safari

Additional context
I made a mistake and had to reinstall NGINX fully, while keeping nginx UI. The reinstall removed my previously configured certificates, so I wanted to reconfigure it. However, even with a fresh install, the problem of connecting to cloudflare is still existent.

kerem 2026-03-12 22:59:11 +03:00
  • closed this issue
  • added the bug label

@0xJacky commented on GitHub (Aug 2, 2025):

Hi, you can try again in a few hours or after a couple of days.


@0xJacky commented on GitHub (Aug 2, 2025):

At least I can issue certificates with Cloudflare DNS normally.

```
2025/08/02 18:40:14 [INFO] [*.uozi.com] acme: use dns-01 solver
2025/08/02 18:40:14 [INFO] [uozi.com] acme: Could not find solver for: tls-alpn-01
2025/08/02 18:40:14 [INFO] [uozi.com] acme: Could not find solver for: http-01
2025/08/02 18:40:14 [INFO] [uozi.com] acme: use dns-01 solver
2025/08/02 18:40:14 [INFO] [*.uozi.com] acme: Preparing to solve DNS-01
2025/08/02 18:40:16 [INFO] cloudflare: new record for uozi.com, ID ***
2025/08/02 18:40:16 [INFO] [uozi.com] acme: Preparing to solve DNS-01
2025/08/02 18:40:16 [INFO] cloudflare: new record for uozi.com, ID ***
2025/08/02 18:40:16 [INFO] [*.uozi.com] acme: Trying to solve DNS-01
2025/08/02 18:40:16 [INFO] [*.uozi.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/08/02 18:40:18 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/08/02 18:40:19 [INFO] [*.uozi.com] acme: Waiting for DNS record propagation.
2025/08/02 18:40:28 [INFO] [*.uozi.com] The server validated our request
2025/08/02 18:40:28 [INFO] [uozi.com] acme: Trying to solve DNS-01
2025/08/02 18:40:28 [INFO] [uozi.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/08/02 18:40:30 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/08/02 18:40:37 [INFO] [uozi.com] The server validated our request
2025/08/02 18:40:37 [INFO] [*.uozi.com] acme: Cleaning DNS-01 challenge
2025/08/02 18:40:37 [INFO] [uozi.com] acme: Cleaning DNS-01 challenge
2025/08/02 18:40:37 [INFO] [*.uozi.com, uozi.com] acme: Validations succeeded; requesting certificates
2025/08/02 18:40:42 [INFO] [*.uozi.com] Server responded with a certificate.
```

@Glujaz commented on GitHub (Aug 2, 2025):

Ok, I'll try later then.
I was stuck on this from 00h UTC to 10h UTC, so it is a bit long in my opinion.
I have made a lot of requests though, maybe this is the reason.
I'll try tomorrow and be back for any news. I use a manually created certificate in the meantime, generated with Certbot.

<!-- gh-comment-id:3146433242 --> @Glujaz commented on GitHub (Aug 2, 2025): Ok, I'll try later then. I was stuck on this from 00h UTC to 10h UTC, so it is a bit long in my opinion. I have made a lot of request though, maybe this is the reason. I'll try tomorrow and be back for any news. I use a manually created certificate in the mean time, generated with Certbot.
Author
Owner

@Glujaz commented on GitHub (Aug 3, 2025):

I just tried it again (18h UTC), and the problem is still here. I guess I have a strange domain name ? (not so strange, it is almost the same as the example given, in .fr...).

When I look at the logs, I don't see anything special. Can you tell me where the tools for generating the certificates are, so I can do a manual try on my side as well ?


@Glujaz commented on GitHub (Aug 3, 2025):

Here is the full output for a specific domain (which I also tried)

```
Getting the certificate, please wait...
[Nginx UI] Preparing lego configurations
[Nginx UI] ACME User: System Initial User, Email: email@glujaz.fr, CA Dir: https://acme-v02.api.letsencrypt.org/directory
[Nginx UI] Creating client facilitates communication with the ÇA server
[Nginx UI] Setting DNS01 challenge provider
[Nginx UI] Setting environment variables
[Nginx UI] Obtaining certificate
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] acme: Obtaining bundled SAN certificate
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/########### (removed value myself)
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] acme: Could not find solver for: tls-alpn-01
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] acme: Could not find solver for: http-01
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] acme: use dns-01 solver
2025/08/03 18:40:25 [INFO] [media.glujaz.fr] acme: Preparing to solve DNS-01
2025/08/03 18:40:26 [INFO] [media.glujaz.fr] acme: Cleaning DNS-01 challenge
2025/08/03 18:40:27 [WARN] [media.glujaz.fr] acme: cleaning up failed: cloudflare: failed to find zone fr.: zone could not be found
2025/08/03 18:40:27 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/########### (removed value myself)
obtain cert error: error: one or more domains had a problem: [media.glujaz.fr] [media.glujaz.fr] acme: error presenting token: cloudflare: failed to find zone fr.: zone could not be found
```

@Glujaz commented on GitHub (Aug 13, 2025):

The issue is not fixed.
I am still having issues.
Maybe I am adding the API wrongly ?

I only need to add the API key with DNS modification rights in CF_DNS_API_TOKEN, correct ? @0xJacky


@Glujaz commented on GitHub (Oct 25, 2025):

It has been 3 months, and the problem is still not solved...

Am I actually missing something in Cloudflare on NGinx UI ?


@Glujaz commented on GitHub (Oct 25, 2025):

Ok, I found the solution. Nginx UI was not looking at my internal DNS... By adding "1.1.1.1:53" in Preferences, Cert, Recursive Nameservers, it solved the problem.

My bad for opening this ticket...
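Added example, not part of the thread and not nginx-ui or lego code: a simplified Go model of how a DNS-01 client detects the zone by walking up the labels of the challenge name and asking the configured recursive resolver for an SOA record at each step. The `Resolver` type and both answer sets are constructed assumptions, chosen to reproduce the `failed to find zone fr.` result from the logs above and the result after pointing Recursive Nameservers at a public resolver.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Resolver lists the names a recursive resolver answers an SOA query for.
// Hypothetical stand-in for live DNS queries, so the example runs offline.
type Resolver map[string]bool

// Constructed answers: the internal resolver returns no SOA at glujaz.fr.
var internalResolver = Resolver{"fr.": true}
var publicResolver = Resolver{"glujaz.fr.": true, "fr.": true}

// ChallengeFQDN returns the TXT record name; a wildcard uses its base domain.
func ChallengeFQDN(domain string) string {
	return "_acme-challenge." + strings.TrimPrefix(strings.ToLower(domain), "*.") + "."
}

// FindZone strips one leading label at a time and returns the first name
// for which the resolver has an SOA record.
func FindZone(fqdn string, r Resolver) (string, error) {
	name := strings.TrimSuffix(fqdn, ".") + "."
	for ; name != "" && name != "."; name = name[strings.Index(name, ".")+1:] {
		if r[name] {
			return name, nil
		}
	}
	return "", errors.New("no SOA found above " + fqdn)
}

// Diagnose compares the detected zone with the zone the account hosts.
func Diagnose(domain string, r Resolver, hosted string) string {
	zone, err := FindZone(ChallengeFQDN(domain), r)
	if err != nil {
		return "error: " + err.Error()
	}
	if zone != hosted {
		return "mismatch: resolver reports zone " + zone + ", account hosts " + hosted
	}
	return "ok: " + zone
}

func main() {
	fmt.Println("internal:", Diagnose("*.glujaz.fr", internalResolver, "glujaz.fr."))
	fmt.Println("public:  ", Diagnose("media.glujaz.fr", publicResolver, "glujaz.fr."))
}
```

A mismatch of this kind is a resolver-side symptom: the provider API is asked for a zone name derived from DNS answers, so a valid token still yields "zone could not be found".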
