Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ko0y.org
I ran this command: Let's encrypt add-on to Home Assistant
It produced this output: error 403
My web server is (include version): hass.io
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
I have a static ip and domain registered in Google domains. I have a port forwarded in my router and can access HA externally with HTTP. I installed the Let’s Encrypt add-on with this configuration:
then I used google to create the credentials file. I renamed that file google.json and copied it to the share folder in HA. then I started the add-on, and got this error in the log:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[17:14:06] INFO: Selected DNS Provider: dns-google
[17:14:06] INFO: Use propagation seconds: 60
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.ko0y.org
Encountered 403 Forbidden with reason "forbidden"
Encountered 403 Forbidden with reason "forbidden"
Error finding zone. Skipping cleanup.
Encountered error finding managed zone: <HttpError 403 when requesting https://dns.googleapis.com/dns/v1/projects/verdant-petal-381321/managedZones?dnsName=ko0y.org.&alt=json returned "Forbidden". Details: "[{'message': 'Forbidden', 'domain': 'global', 'reason': 'forbidden'}]">
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
I've missed something here but have little idea what it is. Any help is appreciated.