Let's Encrypt via Certbot for Google Domains (not Google Cloud)

Hello,
I am using Certbot to generate Let's Encrypt certificates for a wildcard domain (*.dusnet.xyz) hosted by Google Domains (not Google Cloud).

So I have opted for a wildcard for a few reasons, but I have a hard time finding the right configuration and plugin specific to Google Domains (I found a lot for Google Cloud, but it doesn't help as the mechanism is different).
I am using the plugin certbot-dns-google-domains.

The operating system my Certbot runs on is Debian 12, certbot is 2.1.0

When I use Certbot in a standard way for a single certificate (es.dusnet.xyz), standalone server, exposing port 80, then it's working fine. I get the certificate as expected (single domain). The certificate ends up in the default folder /etc/letsencrypt/live/.... which is then shared (this part works fine too).
However, port 80 will not be open once the network is fully configured, so the DNS challenge is probably my only option to automate the renewal.

I have tried the TXT challenge but I keep getting an error that the TXT record doesn't exist using Certbot, even if I can confirm the record is correct using a dig command. Dig returns the correct information.

Using the API is my preferred option, but at this point I am not sure if I made a mistake creating the .ini file that goes with the plugin. I didn't find any examples I could use.

And changing from Google DNS to Cloudflare is not an option

Here is the command I used
certbot certonly --authenticator 'dns-google-domains' --dns-google-domains-credentials '/var/lib/letsencrypt/dns_google_domains_credentials.ini' --server 'https://acme-v02.api.letsencrypt.org/directory' --dns-google-domains-zone 'dusnet.xyz' -d '*.dusnet.xyz'

Here is the error I get.
certbot: error: unrecognized arguments: --dns-google-domains-credentials /var/lib/letsencrypt/dns_google_domains_credentials.ini --dns-google-domains-zone dusnet.xyz

The .ini file (/var/lib/letsencrypt/dns_google_domains_credentials.ini) was created using nano with the 2 following lines (updated with the correct user name and password for the wildcard)

dns_google_domains_username = *.dusnet.xyz_username
dns_google_domains_password = *.dusnet.xyz_password

Certbot-dns-google-domains seems to be the right plugin, but a sample of the .ini and the command will help.

Any help will be appreciated!

Thank you

1 Like

Wasn't Google Domains sold to SquareSpace?

I am not sure the plugin you are trying to use is supported any more. Is it this one from aaomidi?

That said, your error message sounds like an installation problem. I am just not sure it is worth resolving if the author is not supporting it anymore.

I believe both acme.sh and lego ACME clients supported the Google Domains API, but I don't know if even those still work given the SquareSpace sale.

3 Likes

Yes, correct for both points. I am using the aaomidi plugin, but I guess I missed his note you mentioned in your response.
Regarding SquareSpace, I have no clue, no indication of what will happen. I have been using Google Domains for a few years and they just mentioned via email that current customers will be notified with more information once the transfer is completed, so I am waiting 🙂
I think I have narrowed down the issue I am facing a little bit. It seems related to the Python environment. I will be working on it later tonight and I will update the post.
Thank you!

3 Likes

Both acme.sh and lego would be an easier install if that is the issue. See GitHub for both.

Lego

3 Likes

Oops, sorry, I linked the wrong acme.sh "how to" above. Below is for Google Domains.

3 Likes

Thank you! I will try those options tomorrow, but I finally made the plugin work, though it was not the easiest install I ever had to deal with.
Certbot and the plugin are installed via pip3 in the environment (venv).
Add the following to the command: --config-dir /home/rv/letsencrypt, --work-dir /home/rv/letsencrypt, --logs /home/rv/letsencrypt. I was not able to make it work with the default values, I guess due to access rights.
The whole command as root: /home/rv/venv/bin/certbot certonly --authenticator 'dns-google-domains' --dns-google-domains-credentials '/home/rv/letsencrypt/dns_google_domains_credentials.ini' --config-dir /home/rv/letsencrypt --work-dir /home/rv/letsencrypt --logs-dir /home/rv/letsencrypt --server 'https://acme-v02.api.letsencrypt.org/directory' -d '*.dusnet.xyz'
The files privkey and fullchain were saved automatically into /home/pi/letsencrypt/live/dusnet.xyz as expected.
Thank you for providing the alternative solutions, I will give it a try.

1 Like
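
The working setup in the last post keeps the DNS API credentials file under /home/rv/letsencrypt while Certbot runs as root. As an added example (not code from the thread or from the plugin's author), this Python check reports when such a file, or any directory above it, can be read or replaced by another account; `audit_credentials`, `trusted_uids` and `stop_at` are hypothetical names and the sample layout is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_credentials(path, trusted_uids, stop_at="/"):
    """Return findings for a DNS-plugin credentials file and its parent dirs.

    trusted_uids: uids allowed to own the file and directories, normally
    root plus the account that runs certbot. stop_at: highest directory to
    inspect. Both parameter names are hypothetical.
    """
    path, stop = Path(path).resolve(), Path(stop_at).resolve()
    findings = []
    st = path.stat()
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} allows group/other access, want 0600")
    if st.st_uid not in trusted_uids:
        findings.append(f"{path}: owned by untrusted uid {st.st_uid}")
    # Whoever owns or can write a parent directory can swap the file out,
    # so the whole chain matters, not just the file itself.
    for parent in path.parents:
        st = parent.stat()
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append(f"{parent}: directory owned by untrusted uid {st.st_uid}")
        # Group/other write is acceptable only with the sticky bit (as on /tmp).
        if mode & 0o022 and not mode & stat.S_ISVTX:
            findings.append(f"{parent}: directory mode {mode:04o} is writable by group/other")
        if parent == stop:
            break
    return findings


if __name__ == "__main__":
    # Constructed layout imitating a credentials file kept under a home directory.
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "letsencrypt"
        conf.mkdir()
        cred = conf / "dns_google_domains_credentials.ini"
        cred.write_text("# constructed sample, contains no real secret\n")
        os.chmod(cred, 0o644)  # a common default after creating the file in an editor
        for line in audit_credentials(cred, {0, os.getuid()}, stop_at=conf):
            print(line)
```

On a real host, call it with the path passed to `--dns-google-domains-credentials` and leave `stop_at` at its default so the whole chain up to `/` is inspected.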
