I would like to use the certbot-dns-google plugin to get and renew wildcard certificates. I have created wildcard certificate manually on my GoDaddy account. I have hit a brick wall: the credentials file. The example in the certbot documentation is a little thin:

“type”: “service_account”,


I have a Google Cloud Platform account (paid) and I am using a few Google services (using an API linked to account). I have created a zone in the cloud DNS (ch1.grzhost.com) and I have created A records for my test VM cbot and the wild card *.cbot. All this seems to work just fine.

My question is: exactly (san any private keys) do I need to put in the credentials json file for this too work. Or possibly how do I have google create this file and download it.

I have been trying to figure this out most of yesterday for about 4 hours today. Please help.

thanks in advance,


You should be able to download the “Google Cloud Platform credentials JSON file” ( google.json in https://certbot-dns-google.readthedocs.io/en/latest/#credentials )


These names can be arbitrary; it is only important that you remember them. Under “Key type,” we recommend that you leave this value as “JSON”. Click “Create”, and the GCP Console will generate a JSON key (as a .json text file), prompt you to download the file to your computer, and display a Service account created dialog box.


I did this, and I now have a certificate file. Also I now understand why the example was so thin…
Note: I had to touch up my roles for the JSON file to generate.
BTY: I really appreciate your prompt, direct, and correct response.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.