aljaz/addons
1
0
Fork 0
mirror of https://github.com/aljazceru/addons.git synced 2025-12-17 05:04:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Docs: update CloudFlare token permissions (#1702)

Browse Source 
CloudFlare has improved its API, and as of [Certbot 1.6.0][1] (2020-07-07),
Certbot no longer requires permissions on all zones in your CloudFlare account.
(See PR certbot/certbot#8015.)

Verified in Let's Encrypt Add-on 4.11.0 running in Home Assistant 0.118.4.

[1]: https://github.com/certbot/certbot/releases/tag/v1.6.0
This commit is contained in:
Mike Edmunds
2020-12-04 03:24:38 -08:00
committed by GitHub
parent 02ff48fc66
commit c81448d00d
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
letsencrypt/DOCS.md
View File

@@ -207,8 +207,7 @@ For security reasons, don't use your main account's credentials. Instead, add a
Previously, Cloudflares “Global API Key” was used for authentication, however this key can access the entire Cloudflare API for all domains in your account, meaning it could cause a lot of damage if leaked.
Cloudflares newer API Tokens can be restricted to specific domains and operations, and are therefore now the recommended authentication option.
However, due to some shortcomings in Cloudflares implementation of Tokens, Tokens created for Certbot currently require `Zone:Zone:Read` and `Zone:DNS:Edit` permissions for all zones in your account.
The API Token used for Certbot requires only the `Zone:DNS:Edit` permission for the zone in which you want a certificate.
Example credentials file using restricted API Token (recommended):
```yaml