certbot-dns-google-domains
certbot-dns-google-domains copied to clipboard
aaomidi
Google Domains is shutting down
This API will likely stop working once that's done.
I plan to do one final release and then put the repo into archive mode.
I am not sure of the date of the shutdown. Google still has all the documentation online and allows me to create tokens.
However, I am trying to set up Nginx Proxy Manager using the dns-google-domains challenge. I keep getting the following 400 error.
certbot.errors.PluginError: Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/mydomain.com:rotateChallenges
2023-07-08 09:35:29,967:ERROR:certbot._internal.log:Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/mydomain.com:rotateChallenges
I also tried using the Python version listed on the main GitHub page. This resolved in the same exact error as above.
Could this mean that this method is already being deprecated? Or am I just doing something wrong? I plan to switch to another provider, perhaps I need to do this sooner rather than later..?
Just found this, and tried it out today. Still works for me, as of today, thanks!
I got the email that my domain was moved to Squarespace in June and a few days later it stopped working.
Encountered exception during recovery: certbot.errors.PluginError: Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/xxx.com:rotateChallenges Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/xxx.com:rotateChallenges
Has anyone found a solution yet?
Not really, the google api responds with 400/404 and squarespace doesn't even support acme:
time to move business somewhere else
Yep. Already moved on. To the wrong registrar :(, but more on that later. First a bit of a rant about Squarespace . Not only does Squarespace
- not have dynamic DNS
- not have an API for DNS-01 challenge for SSL certs (or any API at all really)
- They also hold your domain hostage for the full 5 days with no way to speed it up when you try to transfer it away from them
- They also don't give you proper WHOIS privacy. With Google Domains, my domains did not show the real country of the domain owner. At Squarespace those records changed to now showing the real country, unredacted.
So, to anyone reading this, a few things I have learned over the last couple of weeks the hard way:
- In case you didn't transfer your domains away from Google before they were forcefully transferred over to Squarespace, check your domain records. The domain owner's country is probably exposed now (for .com domains at least). And 'now' means forever on the internet.
- Transfer it away from Squarespace.
- Do not make the mistake that I did and transfer to Cloudflare if you want WHOIS privacy. Their domains are cheap but they also don't redact the country. They don't redact the state either.
- If you need fancy DNS stuff (you wouldn't be here if you didn't) like DNS API, dyn DNS, ACME, perhaps even CNAME flattening, you can take your domain to basically any registrar and then use Cloudflare's free Nameservers for it (which support all of these things). You just need to make sure that the new registrar allows you to set your own nameservers (meaning they don't insist on you using the registrar's nameservers). /rant
Lastly, I would like to thank the creators of the Google Domains certbot plugin for their great work. I really appreciate it.