Setting up Wildcard Certs with Google Domains

Let’s Encrypt is so amazing compared to the previous steps to set up SSL. I use Google Domains. I used Let’s Encrypt for ohayo.computer. Works great. I want to set up wildcard SSL though. The reason is that I release all versions of Ohayo to subdomains (v15.ohayo.computer, v14.ohayo.computer, v13.ohayo.computer, etc.).

It seems like this is hard. The instructions for DNS providers seem to be for Google Cloud, not Google Domains. Google Domains does not seem to allow API access. Has anyone put together a guide for how I could do wildcard SSL domains manually?

I currently have a wildcard A record that points to this server. I hope we can get this to be as easy as non-wildcard domains.

Thanks!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.ohayo.computer

I ran this command: apt-get install python3-certbot-dns-google

It produced this output: E: Unable to locate package python3-certbot-dns-google

My web server is (include version): nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-154-generic x86_64)

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @breck7,

According to earlier forum threads, this is right—Google Domains doesn't have a way to automate the issuance of wildcard certificates.

In order to automate it, you will have to change to a different DNS provider—at least for the _acme-challenge record, which you could point via CNAME to a different DNS zone that is hosted elsewhere.

You can do it manually with certbot --manual, in which case Certbot will prompt you with the specific DNS records to create. This is a lot of work and, of course, has to be repeated manually every few months. If you use certbot --manual, the associated certificate can't be renewed with certbot renew, only with options along the lines of certbot certonly and specifying --cert-name.
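As an added example (not code from this thread, from Certbot or from Google Domains), the following Python models the delegation the reply above describes: a one-time CNAME in the Google Domains zone that points _acme-challenge.ohayo.computer at a name in a zone you can automate, per-issuance TXT records published there, and a lookup that follows the CNAME the way the CA's resolver does. It also derives the TXT value the way the ACME dns-01 challenge defines it (RFC 8555 section 8.4, using the RFC 7638 thumbprint of the account key), which is the value certbot --manual prompts you to create, and it goes one step beyond the post by including the bare ohayo.computer name alongside the wildcard: both validate at the same _acme-challenge name, so a combined certificate needs two TXT records there at once. The delegation zone acme-dns.example.net, the account key values and the tokens are made up for the example.

```python
# Added example: models dns-01 validation of *.ohayo.computer with the
# _acme-challenge name delegated by CNAME to a zone hosted elsewhere.
# Assumed, not from the forum post: the delegation zone acme-dns.example.net,
# the sample account key (SAMPLE_JWK) and the challenge tokens.
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted keys, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT RDATA = base64url(SHA-256(token '.' thumbprint)).
    This is the value certbot --manual asks you to publish."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_name(identifier: str) -> str:
    """A wildcard is validated at its base name: *.ohayo.computer and
    ohayo.computer both use _acme-challenge.ohayo.computer."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def records_for(identifiers, tokens, thumbprint, delegation_zone):
    """One-time CNAMEs for the registrar zone and per-issuance TXT records
    for the delegation zone, both as (name, type, value) tuples."""
    cnames, txts = [], []
    for ident in identifiers:
        name = challenge_name(ident)
        target = f"{name}.{delegation_zone}"
        cname = (name, "CNAME", target)
        if cname not in cnames:  # wildcard and base name share one CNAME
            cnames.append(cname)
        txts.append((target, "TXT", dns01_txt_value(tokens[ident], thumbprint)))
    return cnames, txts


def lookup_txt(zone_data, name, max_cname_hops=8):
    """Toy resolver over {name: {"CNAME": target} | {"TXT": {values}}}.
    Follows CNAMEs like a real resolver, then returns the TXT value set."""
    for _ in range(max_cname_hops):
        rrset = zone_data.get(name, {})
        if "CNAME" in rrset:
            name = rrset["CNAME"]
            continue
        return set(rrset.get("TXT", ()))
    raise RuntimeError("CNAME loop or chain too long at " + name)


def validate(zone_data, identifier, token, thumbprint):
    """What the CA does for dns-01: fetch the TXT set, check membership."""
    expected = dns01_txt_value(token, thumbprint)
    return expected in lookup_txt(zone_data, challenge_name(identifier))


# Constructed sample data: placeholder JWK values (not a real key) and two
# tokens of the kind an ACME server hands out, one per identifier.
SAMPLE_JWK = {"kty": "RSA", "n": "sample-modulus", "e": "AQAB"}
SAMPLE_TOKENS = {"*.ohayo.computer": "tok-wildcard", "ohayo.computer": "tok-base"}
DELEGATION_ZONE = "acme-dns.example.net"  # assumed API-capable DNS host


def publish(identifiers=("*.ohayo.computer", "ohayo.computer"),
            tokens=SAMPLE_TOKENS, jwk=SAMPLE_JWK, delegation_zone=DELEGATION_ZONE):
    """Build both zones in memory: the registrar zone holds only the CNAME,
    the delegation zone holds the TXT records.  Returns (merged view, thumbprint)."""
    thumb = jwk_thumbprint(jwk)
    cnames, txts = records_for(identifiers, tokens, thumb, delegation_zone)
    zone_data = {}
    for name, _, target in cnames:
        zone_data[name] = {"CNAME": target}
    for name, _, value in txts:
        zone_data.setdefault(name, {"TXT": set()})["TXT"].add(value)
    return zone_data, thumb


if __name__ == "__main__":
    zone, thumb = publish()
    for name, rrset in sorted(zone.items()):
        print(name, rrset)
    for ident, tok in SAMPLE_TOKENS.items():
        print(ident, "->", "valid" if validate(zone, ident, tok, thumb) else "INVALID")
```

The CNAME is created once in Google Domains and never changes; only the TXT records at the delegated name change per issuance, which is why the delegation makes renewal scriptable even though the registrar has no API. Note the caveat the model makes visible: when the order covers both the wildcard and the base name, two TXT records must exist at the same name at the same time, so a hook that replaces rather than adds records will fail one of the two validations.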
