I found a solution for those using Google Compute Engine (GCE) with Google DNS. I installed GCE using pip and not the native console APIs&Services tool. I had to give permissions to the APIs to be able to run.
For anyone with a similar issue, go to your Compute Engine instance page. At the bottom, you will find Cloud API access scopes. I set it to Allow full access to all Cloud APIs. It’s at the bottom of the instance page. You need to press edit the instance.
For those looking to install Google DNS, do it through APIs&Services tool in the menu instead of through pip.
Here’s the full instructions:
- Install Google DNS API through APIs&Services in the left hand menu on Google Cloud Console.
- Make sure that Cloud API access scopes is set to Allow full access to all Cloud APIs on the instance’s page. You can also go onto the Google DNS API after you install it and click on the right hand side and click “Create Credentials”. It will most likely say that you do not need them if you are running a GCE.
- Run
sudo certbot certonly --cert-name CERTNAME --dns-google -d 'DOMAIN.COM,*.DOMAIN.COM'and replace or add DOMAIN and add name to your certificate using--cert-name CERTNAMEif you want to do so. Else remove--cert-name CERTNAMEif you want a default certificate name. You will see “congratulations” if successful. - Wait a few mins and run
sudo certbot renew --dry-runto check if everything with permissions is good to go. This might take a few min. If you get a txt records error, remove the txt records manually from your domains DNS records. Give it a few mins, and retrysudo certbot renew --dry-run. After a successful dry run, you’ll notice new txt records created in your DNS records, do not delete those. You will see “congratulations” if successful. - If you want to make sure you have renewed before expiry, add
0 0 * * * certbot renewto your crontab. It will attempt to renew daily and succeed about 30 days before expiry to keep your certificates valid.