GoDaddy DNS certbot dns-challenge renewal?

I have been running autorenewal with certbot --webroot. I moved my domains over to GoDaddy because (a) I already had a few there and (b) I read in various places that GoDaddy DNS supports the Let's Encrypt DNS challenge.

I've found https://pypi.org/project/certbot-dns-godaddy/. Is that indeed the way to go?

Never change a winning team. Is your team not winning currently?

6 Likes

Uncertain what you meant. Maybe something along the lines of "if it ain't broken, don't fix it", but I do want to fix something: using a wildcard cert and that is not possible with webroot.

Anyway, I went ahead and it works.

4 Likes

Correct.

Ah, you might want to have mentioned that earlier.

Nice :) If you wanted to have a wildcard certificate then yes, I'd also recommend the certbot-dns-godaddy plugin to get it, as it enables automatic renewal.

6 Likes

Actually, I am running into an issue (solvable, just have to think about how). I already had certbot installed but without this plugin. Getting the plugin on my server means installing pip and that means having to add the whole compiler setup to the system. So, instead, I used the docker container. That container is self-sufficient, and it installs the stuff in the docker host (which is intentional) via docker mounts. But there, the previously installed certbot apt package on the docker host has set up a systemd timer and a crontab entry, which is run by the docker host certbot, which does not have the plugin...

I can uninstall the apt certbot package (the container can handle everything, data remains on the docker host), but that means I have to create my own 'renewal-hook/timing/etc' setup. So, I can either just swallow pip and everything that comes with it, or I have a bit of self-maintained stuff to build automatic renewal/install using the container only. The container gives me a cleaner system at the expense of a dependency (will the container be updated in the future?) and some basic manual work.

Hmm. Decisions, decisions...

I was not aware using pip would require a compiler? Or maybe Rust for cryptography? If you do start using pip, it's highly recommended to run it in a virtual environment.

You could also ask the maintainer of the certbot-dns-godaddy plugin if they can make their plugin available using snap, which is the recommended method of installing Certbot.

5 Likes

And, the acme.sh ACME client (link here) has a GoDaddy DNS plug-in

Being all shell script might avoid some packaging issues

6 Likes

Or repurpose the plugin script from acme.sh so it'll work with Certbot as an auth hook :P

6 Likes
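
An added example (not code from any poster, from acme.sh or from the certbot-dns-godaddy project) of the auth-hook approach suggested in the last reply: one script for Certbot's `--manual-auth-hook` and `--manual-cleanup-hook` that publishes and removes the `_acme-challenge` TXT record. The zone `example.com`, the credentials file path and its `GD_KEY`/`GD_SECRET` variables are assumptions, and the GoDaddy v1 records endpoints are assumed from GoDaddy's public API documentation.

```shell
# Added example. Assumed, not from the thread: ZONE, CREDS path, GD_KEY/GD_SECRET names.
ZONE="${GODADDY_ZONE:-example.com}"                     # placeholder zone
CREDS="${GODADDY_CREDS:-/etc/letsencrypt/godaddy.env}"  # sets GD_KEY and GD_SECRET
API="https://api.godaddy.com/v1/domains"

# TXT name relative to the zone; the base domain and its wildcard share one name.
record_name() {   # $1 = CERTBOT_DOMAIN, $2 = zone
    d="${1#\*.}"
    case "$d" in
        "$2")   echo "_acme-challenge" ;;
        *".$2") echo "_acme-challenge.${d%".$2"}" ;;
        *)      echo "$1 is not inside zone $2" >&2; return 1 ;;
    esac
}

# Validation strings are base64url, so they need no JSON escaping.
txt_payload() {   # $1 = relative name, $2 = CERTBOT_VALIDATION
    printf '[{"type":"TXT","name":"%s","data":"%s","ttl":600}]' "$1" "$2"
}

# The API key can rewrite the whole zone: refuse a file readable by group or others.
creds_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) echo "$1 must exist with mode 600 or 400" >&2; return 1 ;;
    esac
}

# Hand the secret to curl as config on stdin, so it never appears in argv or ps output.
gd_curl() {
    printf 'header = "Authorization: sso-key %s:%s"\n' "$GD_KEY" "$GD_SECRET" |
        curl -fsS -K - -H "Content-Type: application/json" "$@"
}

run_hook() {      # $1 = auth | cleanup
    creds_private "$CREDS" || return 1
    . "$CREDS"
    name="$(record_name "$CERTBOT_DOMAIN" "$ZONE")" || return 1
    if [ "$1" = auth ]; then
        # PATCH appends, so both TXT values of a base + wildcard order coexist.
        gd_curl -X PATCH --data "$(txt_payload "$name" "$CERTBOT_VALIDATION")" \
                "$API/$ZONE/records" || return 1
        sleep 30   # allow the record to reach the authoritative servers
    else
        gd_curl -X DELETE "$API/$ZONE/records/TXT/$name" || true  # may already be gone
    fi
}

if [ -n "${CERTBOT_DOMAIN:-}" ]; then run_hook "${1:-auth}"; fi  # only runs under Certbot
```

Certbot is pointed at it with `--manual --preferred-challenges dns --manual-auth-hook '/path/to/hook.sh auth' --manual-cleanup-hook '/path/to/hook.sh cleanup'`, and it records the hooks in the renewal configuration so `certbot renew` reuses them.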
