Required Google Cloud Platform permissions seem to have changed #6877
Comments
I am encountering a similar issue, and I don't think the problem has to do with permissions. When running from GCE, the dns-google plugin only seems to examine the project the instance is running in for DNS zones. In your case @itsthejb, is the DNS zone "jcrooke.net" in the project "web-server-208814"? I have two separate projects, one for my web application, one for managing all my DNS, and my web application is unable to request certs from the DNS zone. I have tried updating the SDK's running project with
I was able to resolve my issue using the For the record, I have created a custom permissions role with the exact permissions listed here.
Hi @xenorites, I'm not running from GCE, and only have a single project. Plus I recreated all my service accounts. In my case, the elevated permission account is working around the issue for me, so it seems clear I need some other permissions added to a "DNS Admin" account in order for it to work. Just don't know which specifically.
I had the same problem and fixed it by adding the I'm using Terraform so basically adding it to Would be great if this was added to the official documentation since it's not that obvious.
Thanks for your input @FearlessHyena. Your suggestion doesn't apply to my particular setup, but I tried again, giving all DNS permissions, and I think it's now working:
Thanks for the follow up @itsthejb
Hi @FearlessHyena, how do you get to this screenshot, if I may ask? I
Hi @hatakora62 I think you meant to mention @itsthejb for the screenshot so just adding the mention here
Glad I was helpful! Going to close this now, I’ve actually migrated away from certbot
My operating system is (include version):
Cent OS 7
I installed Certbot with (certbot-auto, OS package manager, pip, etc):
I ran this command and it produced this output:
certbot --dns-google --dns-google-credentials /etc/letsencrypt/credentials/credentials.json --server https://acme-v02.api.letsencrypt.org/directory renewal --dry-run
(or similar)
Certbot's behavior differed from what I expected because:
DNS Administrator Role. Also did not work Owner role
Here is a Certbot log showing the issue (if available):