I’m a Google Domains user and prefer to use their DNS (familiarity, simplicity from my point of view) with my domain.
The current Let’s Encrypt documentation indicates Google Domains is not fully implemented for DNS auth, which suggests to me it’s a stalled work in progress. The note at the bottom of the readme recommends anyone interested in using it should speak up to assist with testing.
I’ve opened an issue to volunteer myself for testing. Are there others who use Google Domains who would be interested/available for testing as well?
@freshcoast Thanks for your reply. I confess, then, that it appears I don’t quite understand what I’m talking about. I was hoping to get a certificate issued using Let’s Encrypt and now it appears I don’t know how to do that.
Would using the free tier of cloudflare (or another currently supported service) work just as well for certificate issuance, while at the same time continuing to allow me to use the DNS name servers provided by google domains?
That was my real interest: I didn’t want to replace the Google Domains name servers and lose the ability to manage my domain from that portal.
Cloudflare provides an SSL service, but I’m not sure how it works. They also have a paid tunnelling service (Argo) which proxies everything to your own server via Cloudflare. Of course there’s also Nabu Casa for that.
Unfortunately Google Domains does not provide an API that software libraries can use to implement the Let’s Encrypt DNS challenge (requires modification of DNS records), which is why it isn’t a supported provider. So it’s impossible to use both Google Domains as the domain manager and DNS challenges with Let’s Encrypt. If you configure your domains to custom DNS servers (e.g. Cloudflare), you do lose the ability to manage them in the Google Domains dashboard.
I have a couple of domains up for renewal in Google Domains. I will probably move them because of this. Either to Gandi, which I already use, or something else. But using Cloudflare or another service to manage the domains is an alternative.
My synology NAS quite seamlessly provides a let’s encrypt certificate to a subdomain I use. I don’t know what’s happening there to make it so simple, but I simply input the subdomain and an email address and it takes care of the rest. I don’t understand enough about what’s going on there to get a good grip on why it’s so easy with the NAS and so difficult with hass.io, but I’m sure there must be a good explanation.
I don’t use a Synology, but I found a guide here and the official instructions both instruct you to port forward to port 80:
Let’s Encrypt will perform domain validation before issuing certificates for your domains. Please make sure your Synology NAS and router have port 80 open for domain validation from the Internet.
If you are using port forwarding then you are not using DNS challenges, you are using HTTP challenges. In that case your DNS provider is irrelevant.
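To make the difference between the two challenge types concrete (why the NAS with port 80 forwarded succeeds no matter who runs DNS, and why the DNS challenge cannot work without an API to write records), here is an added example. It is not code from this thread, from certbot or from Home Assistant; it builds the values the CA checks for HTTP-01 and DNS-01 as specified in RFC 8555 (with the account-key thumbprint from RFC 7638) and runs the checks offline against constructed "published" data. The account key, token and domain are constructed sample values, not a real key.

```python
"""Which ACME challenge needs what (added example, not from the thread).

Builds the HTTP-01 and DNS-01 expectations for a constructed account key and
token, then checks them against constructed "published" data offline.
"""
import base64
import hashlib
import json

# Constructed sample inputs (assumption: not a real ACME account key or token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"
SAMPLE_DOMAIN = "home.example.com"


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 canonical form: only the required public members, keys in
    lexicographic order, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    return json.dumps(members, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 of the canonical JWK, base64url encoded."""
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode()).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token.thumbprint binds the challenge to the account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_expectation(domain: str, token: str, jwk: dict):
    """HTTP-01: the CA fetches this URL on port 80 and expects the key
    authorization as the body. Only reachability of the host matters; the
    DNS provider is irrelevant."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    return url, key_authorization(token, jwk)


def dns01_expectation(domain: str, token: str, jwk: dict):
    """DNS-01: a TXT record at _acme-challenge.<domain> holding
    base64url(SHA-256(key authorization)). Something has to write that
    record, which is why the client needs an API at the DNS provider."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode()).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def check_http01(served: dict, domain: str, token: str, jwk: dict) -> bool:
    """served maps URL -> response body, standing in for a real HTTP fetch."""
    url, expected = http01_expectation(domain, token, jwk)
    return served.get(url, "").strip() == expected


def check_dns01(txt_records: dict, domain: str, token: str, jwk: dict) -> bool:
    """txt_records maps name -> list of TXT values, standing in for a DNS query."""
    name, expected = dns01_expectation(domain, token, jwk)
    return expected in txt_records.get(name, [])


def demo() -> dict:
    """The situation in the thread: port 80 is forwarded to the NAS, but the
    DNS provider offers no API, so no TXT record is ever written."""
    url, body = http01_expectation(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)
    served = {url: body + "\n"}   # the NAS answers on port 80
    txt_records = {}              # nothing published at the DNS provider
    return {
        "http-01": check_http01(served, SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK),
        "dns-01": check_dns01(txt_records, SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK),
    }


if __name__ == "__main__":
    print(demo())
```

Running it reports HTTP-01 as satisfied and DNS-01 as not: the HTTP check only depends on the host answering on port 80, while the DNS check depends on a TXT record that some piece of software must be able to create at the provider, which is exactly the API Google Domains did not offer.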
However, as you might see from the above link, certbot requires a community add-on to provide this functionality. The add-on is available through pip, and it’s maintained by a Google employee on their personal GitHub account, and it was released only quite recently:
I’ve checked, and the official Let’s Encrypt add-on from Home Assistant already includes a couple of other community-maintained add-ons for certbot, so it might be a good idea to make a new feature request to add this support for Google Domains, not just Google Cloud DNS.