Bug 2180352 - Let's Encrypt Certbot does not work with Cloudflare DNS authentication
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: python-cloudflare
Version: epel7
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: ---
Assignee: Jonathan Wright
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-03-21 09:21 UTC by jorge.gonzalez
Modified: 2023-03-30 02:40 UTC

Fixed In Version: python-cloudflare-2.3.1-1.el7
Clone Of:
Environment:
Last Closed: 2023-03-30 02:40:09 UTC
Type: Bug
Embargoed:



Description jorge.gonzalez 2023-03-21 09:21:14 UTC
Description of problem:

When renewing a Let's Encrypt certificate with certbot and Cloudflare DNS authentication, an error is generated and the certificate is not renewed. The error says:

<pre>
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.0)
</pre>

Version-Release number of selected component (if applicable):

certbot-1.11.0-2.el7.noarch
python2-cloudflare-2.3.0-2.el7.noarch
python2-certbot-dns-cloudflare-1.11.0-1.el7.noarch

How reproducible:

Always

Steps to Reproduce:

/usr/bin/certbot  certonly --text --non-interactive --agree-tos  --register-unsafely-without-email  --preferred-challenges dns --dns-cloudflare --dns-cloudflare-credentials /tmp/credentials.ini --dns-cloudflare-propagation-seconds 15 -d <redacted_domain.com>  --preferred-chain 'ISRG Root X1'

The domain to renew must be managed in Cloudflare DNS and the CF credentials must be included in the file /tmp/credentials.ini in Certbot format.

Actual results:

Error:

Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.3.0)

And the certificate is not renewed.

Expected results:

No errors and certificate renewed.

Additional info:

I rebuilt the RPM for python-cloudflare 2.3.1 using the SRC RPM from 2.3.0 and changing just the Python package version (and disabling the GPG key check). The RPM was rebuilt without any issues. I installed the new RPM and certbot worked fine; my domain was renewed.

Just upgrading the Python cloudflare package to 2.3.1 makes certbot work again. There are later versions of python-cloudflare, but 2.3.1 works just fine.
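
A preflight check for the failure described in this report, as an added example that is not part of the original report or of certbot: it flags an API-token credentials file combined with a cloudflare package older than 2.3.1, and also flags a credentials file that other local users can access (relevant for a file kept under /tmp). The function names are hypothetical; the credential keys are those read by the certbot-dns-cloudflare plugin, and the installed package version is passed in as a string.

```python
import configparser
import os
import re
import stat
import tempfile

# Minimum cloudflare package version for API tokens, per the error message above.
MIN_TOKEN_VERSION = (2, 3, 1)

def parse_version(text):
    """Turn '2.3.0' into (2, 3, 0), ignoring any non-numeric suffix."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def read_credentials(path):
    """Certbot credential files have no section header, so supply one."""
    parser = configparser.ConfigParser(interpolation=None)
    with open(path) as handle:
        parser.read_string("[certbot]\n" + handle.read())
    return dict(parser["certbot"])

def preflight(cred_path, cloudflare_version):
    """List the problems that would break or weaken a --dns-cloudflare run."""
    problems = []
    creds = read_credentials(cred_path)
    uses_token = "dns_cloudflare_api_token" in creds
    uses_global_key = {"dns_cloudflare_email", "dns_cloudflare_api_key"} <= set(creds)
    if not (uses_token or uses_global_key):
        problems.append("no complete Cloudflare credential set in file")
    if uses_token and parse_version(cloudflare_version) < MIN_TOKEN_VERSION:
        problems.append("API token needs cloudflare>=2.3.1, found " + cloudflare_version)
    mode = stat.S_IMODE(os.stat(cred_path).st_mode)
    if mode & 0o077:
        problems.append("credentials file mode %o lets other users access it" % mode)
    return problems

if __name__ == "__main__":
    # Constructed sample: a placeholder token in a temporary credentials file.
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as sample:
        sample.write("dns_cloudflare_api_token = PLACEHOLDER_TOKEN\n")
    os.chmod(sample.name, 0o644)
    for problem in preflight(sample.name, "2.3.0"):  # version from this report
        print("WARN:", problem)
    os.unlink(sample.name)
```

On an RPM-based host the version string can be obtained with `rpm -q --qf '%{VERSION}' python2-cloudflare`.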

Comment 1 Fedora Update System 2023-03-21 14:19:37 UTC
FEDORA-EPEL-2023-786a81c558 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-786a81c558

Comment 2 Fedora Update System 2023-03-22 02:54:09 UTC
FEDORA-EPEL-2023-786a81c558 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-786a81c558

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2023-03-30 02:40:09 UTC
FEDORA-EPEL-2023-786a81c558 has been pushed to the Fedora EPEL 7 stable repository.
If the problem still persists, please make note of it in this bug report.

