Hi everyone,
I’m trying to get SWAG running on my Synology NAS (Docker Compose), to reverse-proxy my Home Assistant instance via HTTPS on my own domain (hosted on Cloudflare, DNS A record pointing correctly).
The goal is to have valid Let’s Encrypt certificates because Home Assistant TTS (Text-to-Speech) via Sonos requires them.
Setup:
• Synology DS220+, SWAG running in Docker with docker-compose
• DNS provider: Cloudflare (Free plan)
• DNS challenge (DNSPLUGIN=cloudflare)
• API Token created as per official docs (Zone DNS → Edit, Zone → Read, for the whole account)
• Token stored correctly in /config/dns-conf/cloudflare.ini → dns_cloudflare_api_token=
SWAG starts and logs this error every time:
ERROR: Error determining zone_id: 9103 Unknown X-Auth-Key or X-Auth-Email
→ Cert does not exist
I’ve double-checked everything:
Token has correct permissions
Correct DNS A record is present
The token is used in cloudflare.ini (no quotes)
Email is not used in cloudflare.ini (only the token)
Domain resolves fine externally
Cloudflare account + domain active
I’ve also regenerated the token multiple times → same issue.
Question:
→ What else could cause this Unknown X-Auth-Key / X-Auth-Email error when using an API token (not global API key)?
→ Is there any known incompatibility with Cloudflare Free Plan + API Token + SWAG 4.x.x + DNS-01 Challenge?
Thanks a lot for any tips or ideas — I’m stuck here for hours.