My domain is: rev79.app
I ran this command:
sudo certbot certonly --expand --dns-google --dns-google-credentials rev79-232812-9798a6f0482d.json -d rev79.app,api.rev79.app,sandbox-api.rev79.app,sandbox.rev79.app
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator dns-google, Installer None Renewing an existing certificate Performing the following challenges: dns-01 challenge for rev79.app dns-01 challenge for sandbox.rev79.app dns-01 challenge for api.rev79.app dns-01 challenge for sandbox-api.rev79.app URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=rev79.app.&alt=json Attempting refresh to obtain initial access_token Refreshing access_token URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=app.&alt=json Cleaning up challenges URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=rev79.app.&alt=json Attempting refresh to obtain initial access_token Refreshing access_token URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=app.&alt=json Error finding zone. Skipping cleanup. URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=sandbox.rev79.app.&alt=json Attempting refresh to obtain initial access_token Refreshing access_token URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=rev79.app.&alt=json URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=app.&alt=json Error finding zone. Skipping cleanup. URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=api.rev79.app.&alt=json Attempting refresh to obtain initial access_token Refreshing access_token URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=rev79.app.&alt=json URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=app.&alt=json Error finding zone. Skipping cleanup. URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=sandbox-api.rev79.app.&alt=json Attempting refresh to obtain initial access_token Refreshing access_token URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=rev79.app.&alt=json URL being requested: GET https://www.googleapis.com/dns/v1/projects/rev79-232812/managedZones?dnsName=app.&alt=json Error finding zone. Skipping cleanup. Unable to determine managed zone for rev79.app using zone names: ['rev79.app', 'app'].
The version of my client is certbot 0.31.0
before using dns-google I made sure the Google account that I use in Google Cloud Platform is the same account that has access to the Google Domains account with rev79.app. I followed these instructions for creating a service account and gave it DNS administrator permissions. I downloaded the service account keys as json and fed that into the command.
I don’t think it succeeded in adding the subdomains to my certificate.