Cloudflare DDNS failing
I'm trying to get cloudflare setup for my ddns since I have a domain I pay for. My existing no-ip ddns setup has been working just fine. As the script runs, it checks the listed IP of my domain, sees it doesn't match my local IP, and goes to update cloudflare's record. I'm using the api token I generated that reads zone.zone, and edits zone.dns. I'm getting errors on the update authentication, and I don't know whether it's a script problem, a credential problem, or a cloudflare problem.
I'm using username: Bearer and password: api token
115703 : Update needed - L: 'myrealboyipaddress' <> R: '123.123.123.123'
115703 : parsing script '/usr/lib/ddns/update_cloudflare_com_v4.sh'
115703 : #> /usr/bin/curl -RsS -o /var/run/ddns/cloudflare_ipv4.dat --stderr /var/run/ddns/cloudflare_ipv4.err --capath /etc/ssl/certs --noproxy '*' --header 'X-Auth-Email: Bearer' --header 'X-Auth-Key: ***PW***' --header 'Content-Type: application/json' --request GET 'https://api.cloudflare.com/client/v4/zones?name=mydomainipayfor.com'
115709 WARN : CloudFlare reported an error:
115709 : {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"},{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
115709 ERROR : IP update not accepted by DDNS Provider
115710 : Waiting 600 seconds (Check Interval)
Sort by:
Best
Open comment sort options
Best
Top
New
Controversial
Old
Q&A
Solved it poking around some. The script in /usr/bin/ddns/update_cloudflare_com_v4.sh forms it's headers as
The cloudflare api does not want X-Auth-Email and X-Auth-Key as separate lines. The proper API form of the header is:
where $username is "Bearer" and $password is the API token string, both as set in the ddns configuration.
Thx, it works, but my path is `/usr/lib/ddns/update_cloudflare_com_v4.sh`
I am using OpenWRT 21.02 in 2024, and this manual edit is not necessary anymore. I've read that this was the version where they patched the behavior. So if you're using OpenWRT 21.02 or newer, then you won't have to do any manual patching.
If you set the username to "Bearer", and put your token in "Password", then the "ddns-scripts-cloudflare" plugin automatically uses the "Authorization" header style instead.
Furthermore, if you want to update a subdomain, you MUST set the "Domain" setting to use a "@" between the subdomain and your actual zone (domain). Example "[email protected]". When you do this, the plugin detects that "example.com" is the zone and performs the correct request to edit a subdomain of that zone.
Tbh the latter is a bit stupid. It would be trivial for the "ddns-scripts-cloudflare" plugin code to detect what's a zone (domain and TLD) and what's the subdomain (if any), and not require us to use that weird syntax. But whatever. It's what the plugin requires as syntax to understand what to do, so we have to do it...
Thanks - this fix worked for me.
Thank you for this!
Thanks so much for this i was debugging everything but the script and this really saved me from insanity