In Google Cloud DNS, I have to create a zone. In that I need to create an A record for IP, and CNAME for domain URL. I need to copy NS entry name servers in Domain.
I can temporarily make the switch to Default name servers.
If I toggle, what command should I run to verify please?
Ah, I see that Google Cloud DNS and Domains are separate but similar (at least NS-wise) things. It looks like you're working with the Google Domains panel instead of the Google Cloud DNS panel.
If I search for "google cloud DNS control panel" with Google Images, I'm getting pictures of control panels which are NOT looking like the control panel of your screenshots.
As @Nekit, I suspect you're using the DNS zone editor of Google Domains, but your custom name servers are of Google Cloud.
If you don't have any good reason to use custom name servers to begin with, I certainly would switch back to the default name servers. If you still have the CNAME set up correctly, your setup should work. If you've removed the CNAME record, then you should add it again as previously recommended.
Let's come to the basics.
I have a domain and I want to create a certificate, then I am going to use the below right (?)
sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.pywise.co.uk -d pywise.co.uk
In this case, we copy output to custom record in "Default Name Server" tab as CNAME
If Google Cloud DNS comes into picture, do I need to create certificate for my Cloud DNS?
If we're talking REALLY basic then no, not necessarily.
You're using a very specific method for getting a wildcard certificate using acme-dns. If you don't need a wildcard certificate, but are fine with a certificate for just a few well-defined hostnames, you usually don't need the dns-01 challenge and don't need acme-dns.
When using acme-dns and you're using Google Domains as nameservers (and do NOT have Google Cloud nameservers configured for your domain) then yes, you should put the custom record as CNAME in your "Default Name Server" editor.
However, if you're using custom name servers, you should add that CNAME record at the DNS zone editor of those custom name servers, which in your case appears to be Google Cloud (which is different from Google Domains).
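An added example, not part of the original posts: one way to verify that the `_acme-challenge` CNAME is served by whichever name servers the domain is actually delegated to, by asking each of them directly with `dig`. The function names and the optional expected-target argument are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the acme-dns CNAME is published in the zone that is
# authoritative for the domain, not in an editor nobody queries.

# List the name servers the domain is delegated to (one per line).
authoritative_ns() {
    dig +short NS "$1" | sed 's/\.$//' | sort
}

# Ask one name server directly for the _acme-challenge CNAME target.
cname_at() {    # usage: cname_at <domain> <nameserver>
    dig +short +norecurse CNAME "_acme-challenge.$1" "@$2" | sed 's/\.$//'
}

# Return 0 only if every authoritative server answers with a CNAME
# (and, when a second argument is given, with exactly that target).
check_acme_cname() {
    local domain="$1" expected="${2:-}" ns target status=0 count=0
    for ns in $(authoritative_ns "$domain"); do
        count=$((count + 1))
        target=$(cname_at "$domain" "$ns")
        if [ -z "$target" ]; then
            echo "MISSING  $ns has no CNAME for _acme-challenge.$domain"
            status=1
        elif [ -n "$expected" ] && [ "$target" != "$expected" ]; then
            echo "MISMATCH $ns -> $target (expected $expected)"
            status=1
        else
            echo "OK       $ns -> $target"
        fi
    done
    [ "$count" -gt 0 ] || { echo "no NS records found for $domain"; return 2; }
    return "$status"
}

# Run only when called with arguments, e.g.:  ./check.sh pywise.co.uk
if [ "$#" -gt 0 ]; then check_acme_cname "$@"; fi
```

A `MISSING` line for every server means the record was added in a zone editor that is not the authoritative one for the domain.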
I do not know what this means
I am using custom name server. It is true
I am assuming I can add another CNAME record set in Google Cloud Zone (NOT Domains). But what will be the DNS name? Type is CNAME (OK) and what about canonical name?
If I then run sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.pywise.co.uk -d pywise.co.uk
If you have Google Cloud nameservers set up as the authoritative name servers for your domain then yes, you should add the CNAME record in the Google Cloud zone.
It would be exactly the same as in your Google Domains zone editor.
If the CNAME is set up correctly finally, then yes, it should work.
No, not empty or www. You have posted multiple screenshots of the instructions of the script already where it says to add the CNAME for _acme-challenge.pywise.co.uk.
I'm starting to think this entire thread is one big giant troll