Let's encrypt with google DNS configuration

ekrako · February 16, 2020, 9:26am

Hi,
I’ve been using the let’s encrypt add on to create cert to my server.
I’ve been using the HTTP challenge, and trying to move to DNS challenge.
I’m using google domain to manage my domain.
I’ve put the google.json file in the share folder with following inputs

{
  "type": "service_account",
  "project_id": "home-assistant-1652",
  "private_key_id": "xxxxxxxxxxxxxxxxxxxxxxx",
  "private_key": "-----BEGIN PRIVATE KEY-----xxxxxxxxxxxxxxxxxx\n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "xxxxxx",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/lets-encrypt%40home-assistant-1652.iam.gserviceaccount.com"
}

and the log file when running fails

[11:07:16] INFO: Selected DNS Provider: dns-google
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /data/letsencrypt/renewal/home.krakovsky.info.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Non-interactive renewal: random delay of 34.446191910928256 seconds
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (home.krakovsky.info) from /data/letsencrypt/renewal/home.krakovsky.info.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /data/letsencrypt/live/home.krakovsky.info/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
  /data/letsencrypt/live/home.krakovsky.info/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

pove · July 14, 2021, 5:40am

Hi, did you finally manage to use DNS challenge?

pergola.fabio · December 13, 2021, 10:38am

interested in this too, what tutorial did you follow?