Certbot renewal failed using dns-google-domains

I got it covered. There was a problem with the DNS. I appreciate everyone's help. You guys are the best.

Didn't Google Domains get shut down and sold to Squarespace?

4 Likes

Their nameservers are still resolving.

3 Likes

Right, but is the old Google hosted update API still functional?

3 Likes

That is unusual error.

Are you using the dns-google-domains authenticator from: GitHub - aaomidi/certbot-dns-google-domains: Google Domains plugin for Certbot.

You might try posting on that github for suggestions on how to debug.

I would check that your access token is still correct. The parameters you used to get the cert are stored in the Certbot renewal conf file. Check that conf file and the access token there against your DNS control panel token

/etc/letsencrypt/renewal/gitlab.newtonprincipleagency.com.conf
4 Likes

That, I cannot answer, as I have never used their authoritative nameservers or API.

I think the course of action recommend by @MikeMcQ is going to be the best way to proceed.

3 Likes

@tmcknn3 If you provide details about what you corrected that might help someone in the future.

If you make those comments as a new post in this thread then we can mark those details as the Solution. We can't mark revisions to your first post like that.

Thanks

2 Likes

I had to manually added the certs. Squarespace would not let me do it automatically.
Once I did that, it worked.

3 Likes

I think I'm battling the same issue (but it's hard to say because I think the original post was edited to remove the details).

I've got a google domains -> squarespace transfered domain and I'm using the same certbot plugin.

Can you explain what you had to do to get around the issue? What do you mean you manually added the certs?

2 Likes

Can you please provide details of how you added the certs. Thanks

2 Likes

@shaymdev @onlinej

I think what they mean is they used the Certbot --manual option. This shows you a value that you manually add as a TXT record to your DNS zone.

This manual method cannot be automated so you repeat this every 60 days or so.

You should ask Squarespace when they plan to support a DNS API. Then someone would have to develop a plugin to use it.

Your other option is to change the DNS provider. Cloudflare is a commonly used one with good plugin support on many ACME clients (not just Certbot).

Here is the FAQ on Squarespace. Note the last sentence about "DNS API"

4 Likes