Lets Encrypt with cloudflare fails token auth #3243

Closed
devenator opened this issue Oct 4, 2023 · 1 comment

devenator commented Oct 4, 2023

Describe the issue you are experiencing

The Let's Encrypt-Addon currently fails when using cloudflare-api-token (the non-global token, not the global email/key) with:

The addon-configuration hasn't changed in a year, was working ~3 months ago, and the token used is verified and working (on another system behind the same IP)...

Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?)

My error code is different (9109 vs 6003), but the actual Python errors in the letsencrypt.log seem to be a known problem with dns-cloudflare and the underlying python-cloudflare module.

Can someone confirm, that this is actually the same problem...?

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

4.12.9

Steps to reproduce the issue

  1. Start addon to renew certificate
  2. Gaze at the error
  3. Be annoyed ;)

Additional information

letsencrypt.log shows:


2023-10-04 15:34:40,162:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Encountered error finding zone_id during deletion: Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?)
2023-10-04 15:34:40,169:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 198, in _find_zone_id
    zones = self.cf.zones.get(params=params)  # zones | pylint: disable=no-member
  File "/usr/local/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 675, in get
    return self._base.do_auth('GET', self._parts, [identifier1, identifier2, identifier3, identifier4], params, data)
  File "/usr/local/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 129, in do_auth
    return self._call(method, headers, parts, identifiers, params, data, files)
  File "/usr/local/lib/python3.9/site-packages/CloudFlare/cloudflare.py", line 510, in _call
    raise CloudFlareAPIError(code, message)
CloudFlare.exceptions.CloudFlareAPIError: Invalid access token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 1591, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/local/lib/python3.9/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/local/lib/python3.9/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 76, in _perform
    self._get_cloudflare_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/usr/local/lib/python3.9/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 121, in add_txt_record
    zone_id = self._find_zone_id(domain)
  File "/usr/local/lib/python3.9/site-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py", line 215, in _find_zone_id
    raise errors.PluginError('Error determining zone_id: {0} {1}. Please confirm '
certbot.errors.PluginError: Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?)
2023-10-04 15:34:40,175:ERROR:certbot._internal.log:Error determining zone_id: 9109 Invalid access token. Please confirm that you have supplied valid Cloudflare API credentials. (Did you enter a valid Cloudflare Token?)

github-actions bot commented Nov 8, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Nov 8, 2023
@github-actions github-actions bot closed this as not planned Nov 15, 2023