Google Domains / DNS without GPC so only API-key token

kirkpatrick · March 20, 2023, 10:14am

I'm trying to figure out how to configure a credential JSON file or parameter --dns-google-credentials for Certbot without having to subscribe to GPC. All I have for credentials are the API-key tokens associated with each domain name that I received from the security section of my Google domain portal. Is there a format to include it directly as a parameter or how do I include just that in a JSON file?

Osiris · March 20, 2023, 11:14am

I'm afraid you can't use the certbot-dns-google plugin for "Google Domains". Even acme.sh, the ACME client with I think the most amount of DNS plugins available, doesn't have a Google Domains plugin.

I see the lego ACME client does have Google Domains support: Google Domains :: Let’s Encrypt client and ACME library written in Go.

If you don't want to switch Certbot to lego, you could use the third party Certbot DNS plugin build by our own @_az certbot-dns-multi, which uses lego under the hood.

_az · March 20, 2023, 11:25am

Lego hasn’t made a new release since that provider was merged. It’ll be in the next version of the plug-in.

Osiris · March 20, 2023, 1:03pm

Ah, I didn't realise Google Domains was added just last week!

I'm not familair with the release cadence of lego, but maybe they can make a new release soon.

rg305 · March 20, 2023, 8:33pm

There is always the "CNAME to some other DNS service [including your own IP]" workaround.

Buffalo · March 20, 2023, 9:56pm

See

https://si.okiefrog.org/

for some guidance on rg305's suggestion

webprofusion · March 21, 2023, 3:41am

I presume you're using linux? Certify The Web and Posh-ACME both have a new Google Domains provider but they're mostly useful on Windows.

For certbot you probably want this plugin instead: GitHub - aaomidi/certbot-dns-google-domains: Google Domains plugin for Certbot.

Google Domains is fundamentally different from Google Cloud DNS, and Google Domains is quite unique in that they provide an API that's only for DNS challenges using ACME.

saudiqbal · March 21, 2023, 9:41pm

DNS api for google domains acme.sh is available here

github.com

CruzMarcio/acme.sh/blob/googledomains_api/dnsapi/dns_googledomains.sh

#!/usr/bin/env sh
GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets"
dns_googledomains_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using Google Domains api"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

  GOOGLEDOMAINS_TOKEN="${GOOGLEDOMAINS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_TOKEN)}"

  if [ -z "$GOOGLEDOMAINS_TOKEN" ]; then
    GOOGLEDOMAINS_TOKEN=""
    _err "You did not specify GOOGLEDOMAINS_TOKEN yet."
    _err "Please create your key and try again."
    _err "e.g."
    _err "export GOOGLEDOMAINS_TOKEN=d41d8cd98f00b204e9800998ecf8427e"
    return 1
  fi
  #save the api token to the account conf file.

This file has been truncated. show original

kirkpatrick · March 27, 2023, 8:27pm

Did you create this before the one that's emerging here by Alex Leigh?

I don't know if you've seen it. It's on the second page and not in the directory yet.
Are there feature differences?
Thanks

kirkpatrick · March 27, 2023, 9:04pm

Thanks Osiris,
It's hard to find but on acme.sh does have a Plugin, but it's still not listed in the directory. It seems to work well.
157. Use Google Domains DNS API
I tried the legos option https://go-acme.github.io/lego/dns/googledomains/
but I noticed the version is "since:" 4.11.0 and the current is v4.10.2

system · April 26, 2023, 9:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

_az · May 2, 2023, 10:38pm

A late update: lego released v4.11.0 today and certbot-dns-multi now supports Google Domains.

Topic		Replies	Views
Certbot automation with 3rd Party DNS provider? Help	6	56	December 11, 2024
`certbot-dns-multi` - bringing lego's 100+ DNS providers to Certbot Client dev	24	2270	November 28, 2022
Azure + DNS01 + Google Domain Help	4	1149	August 4, 2019
Has anyone configured Google Domains credentials files? Client dev	3	5061	February 15, 2022
Using Certbot and DNS01 Help	3	1932	March 17, 2019

Google Domains / DNS without GPC so only API-key token

Related topics