Bootstrap FreeKB - Certbot - Create wildcard public private key pair using GoDaddy
Certbot - Create wildcard public private key pair using GoDaddy
Updated:   |  Certbot articles

Prior to 2024, I had no issues using Certbot to create and renew SSL certificates using Go Daddy. However, in 2024, I started getting Forbidden for url: https://api.godaddy.com/v1/domains/example.com when attempting to renew my Go Daddy SSL certificates. Check out my article FreeKB - Certbot - Resolve "Forbidden for url". Long story short, sometime in 2024, Go Daddy made a change where customers with less than 50 domains can no longer use their production API. Check out this article  - https://www.reddit.com/r/godaddy/comments/1bl0f5r/am_i_the_only_one_who_cant_use_the_api/?rdt=42997

This assumes you have installed Certbot.

You will need the certbot-dns-godaddy plugin. Check out my article on Certbot Installing DNS Plugins.

At https://developer.godaddy.com, create an API key and secret. Make sure to use your production API key and secret, not OTE.

 

While the key pair is being generated, in your Go Daddy DNS console, a temporary acme-challenge TXT record should be listed.

 

On that system that certbot was installed on, create godaddy.ini.

touch /home/john.doe/certbot/godaddy.ini

 

Update godaddy.ini to contain your API key and secret.

dns_godaddy_secret = 0123456789abcdef
dns_godaddy_key = abcdef0123456789

 

Set the godaddy.ini file to only be readable and writable by the owner of the godaddy.ini file.

chmod 0600 /home/john.doe/certbot/godaddy.ini

 

Issue the following command to create the wildcard and "normal" certificates using GoDaddy DNS.

certbot certonly \
  --authenticator dns-godaddy \
  --dns-godaddy-credentials ~/certbot/godaddy.ini \
  --dns-godaddy-propagation-seconds 900 \
  --keep-until-expiring --non-interactive --expand \
  --server https://acme-v02.api.letsencrypt.org/directory 
  --non-interactive --agree-tos -m john.doe@example.com \
  --domains 'example.com' \
  --domains '*.example.com'

 

Something like this should be returned.

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2023-08-13.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 7c4fe2 in the box below so that we can be sure you are a human.