I have been running autorenewal with certbot --webroot. I moved my domains over to GoDaddy because (a) I already had a few there and (b) I read in various places that GoDaddy DNS supports Let's Encrypt DNS challenge.
I've found https://pypi.org/project/certbot-dns-godaddy/. Is that indeed the way to go?
Never change a winning team. Is your team not winning currently?
Uncertain what you meant. Maybe something along the lines of "if it ain't broken, don't fix it", but I do want to fix something: using a wildcard cert and that is not possible with webroot.
Anyway, I went ahead and it works.
Ah, you might want to have mentioned that earlier.
Nice. If you wanted to have a wildcard certificate then yes, I'd also recommend the certbot-dns-godaddy plugin to get it, as it enables automatic renewal.
Actually, I am running into an issue (solvable, just have to think about how). I already had certbot installed but without this plugin. Getting the plugin on my server means installing pip and that means having to add the whole compiler setup to the system. So, instead, I used the docker container. That container is self-sufficient, and it installs the stuff in the docker host (which is intentional) via docker mounts. But there, the previously installed apt package on the docker host has set up a systemd timer and a crontab entry, which is run by the docker host certbot which does not have the plugin...
I can uninstall the certbot package (the container can handle everything, data remains on the docker host), but that means I have to create my own 'renewal-hook/timing/etc' setup. So, I can either just swallow pip and everything that comes with it, or I have a bit of self-maintained stuff to build automatic renewal/install using the container only. The container gives me a cleaner system at the expense of a dependency (will the container be updated in the future?) and some basic manual work.
Hmm. Decisions, decisions...
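An added check for the situation in the post above (not part of the thread, and not code from Certbot or the plugin): it reads the renewal configs the container wrote to the host and lists the lineages whose saved authenticator the host's own certbot cannot provide. The sample names and the authenticator name "dns-godaddy" are assumptions.

```shell
#!/bin/sh
# Added example. Certbot records each lineage's authenticator under
# [renewalparams] in /etc/letsencrypt/renewal/<name>.conf.

# Print "<lineage> <authenticator>" for every renewal config in directory $1.
lineage_authenticators() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v name="$(basename "$conf" .conf)" '
            /^\[/ { in_params = ($0 == "[renewalparams]"); next }
            in_params && /^authenticator[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
                print name, $0
            }' "$conf"
    done
}

# $2 is a space-separated list of plugin names the certbot run by the
# timer/cron job actually has (for example, read off `certbot plugins`).
# Prints the lineages that certbot cannot renew; returns 1 if there are any.
unrenewable_lineages() {
    missing=$(lineage_authenticators "$1" | while read -r name auth; do
        case " $2 " in
            *" $auth "*) ;;
            *) echo "$name needs '$auth'" ;;
        esac
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample configs (hypothetical names; "dns-godaddy" is assumed
# to be the name the plugin registers as its authenticator).
write_sample_confs() {
    printf '%s\n' 'archive_dir = /etc/letsencrypt/archive/wild.example' \
        '[renewalparams]' 'authenticator = dns-godaddy' \
        > "$1/wild.example.conf"
    printf '%s\n' 'archive_dir = /etc/letsencrypt/archive/www.example' \
        '[renewalparams]' 'authenticator = webroot' \
        > "$1/www.example.conf"
}
```

On a real host the first argument would be /etc/letsencrypt/renewal; a non-zero return means the host timer or cron job will fail for the listed lineages until it is disabled or pointed at the container.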
I was not aware using pip would require a compiler? Or maybe Rust for cryptography? If you do start using pip, it's highly recommended to run it in a virtual environment.
You could also ask the maintainer of the certbot-dns-godaddy plugin if they can make their plugin available using snap, which is the recommended method of installing Certbot.
And, the acme.sh ACME client (link here) has a GoDaddy DNS plug-in
Being all shell script might avoid some packaging issues
Or repurpose the plugin script from acme.sh so it'll work with Certbot as an auth hook