Does this project still work? #81

Open
romerojunior opened this issue Apr 30, 2024 · 13 comments

@romerojunior

I've been using the docker image from this repository for a little while, quite happily. Until today, when trying to renew a set of certificates :)
For some reason it no longer works, no changes since this ran from an automated job.

/home/ubuntu/godaddy# docker run --rm \
 -v /var/lib/letsencrypt:/var/lib/letsencrypt \
 -v /etc/letsencrypt:/etc/letsencrypt \
 -v /home/ubuntu/godaddy:/etc/godaddy \
 --cap-drop=all \
 miigotu/certbot-dns-godaddy certbot certonly  \
 --authenticator dns-godaddy \
 --dns-godaddy-propagation-seconds 300 \
 --dns-godaddy-credentials /etc/godaddy/godaddy.ini \
 --keep-until-expiring --non-interactive --expand \
 --server https://acme-v02.api.letsencrypt.org/directory \
 --agree-tos --email "admin@bingebox.nl" \
 -d 'bingebox.nl' \
 -d '*.bingebox.nl'

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for bingebox.nl and *.bingebox.nl
Unsafe permissions on credentials configuration file: /etc/godaddy/godaddy.ini
Error determining zone identifier for bingebox.nl: 403 Client Error: Forbidden for url: https://api.godaddy.com/v1/domains/bingebox.nl.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

@mcchas

mcchas commented May 1, 2024

I have the same issue. It seems GoDaddy is restricting their API without any notice.
A few others have reported the same on Reddit.
I have a case open with them, but it's more likely I will transfer my domains somewhere else like Cloudflare.

@SamAlhabash

SamAlhabash commented May 10, 2024

Hi, I have had this same issue and I was one of the people documenting their process on Reddit indeed.
This is the Reddit Post for reference.

It is clear that the GoDaddy team has decided to not support small business or individuals in automatic renewals of certificates. It is certainly not the fault of this project.

I have circumvented the issue by transferring our DNS registration to Cloudflare following the instructions here. Note that you do not need to transfer your domain registration completely, only the DNS. Then, I used the Cloudflare-dns to set up automatic renewal. Works like a charm!

Note that for this to work on certificates previously generated with the godaddy-authenticator, you must change the configuration under /etc/letsencrypt/renewal/{yourDomain}.conf and use the cloudflare variables instead.

Example configuration before update (/etc/letsencrypt/renewal/{yourDomain}.conf)

# renew_before_expiry = 30 days
version = 1.26.0
archive_dir = /etc/letsencrypt/archive/{yourDomain}
cert = /etc/letsencrypt/live/{yourDomain}/cert.pem
privkey = /etc/letsencrypt/live/{yourDomain}/privkey.pem
chain = /etc/letsencrypt/live/{yourDomain}/chain.pem
fullchain = /etc/letsencrypt/live/{yourDomain}/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = {yourAccountID} # You may leave this unchanged
server = https://acme-v02.api.letsencrypt.org/directory # You may leave this unchanged
key_type = rsa  # You may leave this unchanged
## You must change everything below this line 
authenticator = dns-godaddy
dns_godaddy_propagation_seconds = 120
dns_godaddy_credentials = path/to/your/godaddy/credentials.ini

Example configuration after update to work with cloudflare (change appropriately for your provider):

# renew_before_expiry = 30 days
version = 1.26.0
archive_dir = /etc/letsencrypt/archive/{yourDomain}
cert = /etc/letsencrypt/live/{yourDomain}/cert.pem
privkey = /etc/letsencrypt/live/{yourDomain}/privkey.pem
chain = /etc/letsencrypt/live/{yourDomain}/chain.pem
fullchain = /etc/letsencrypt/live/{yourDomain}/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = {yourAccountID} # You may leave this unchanged
server = https://acme-v02.api.letsencrypt.org/directory # You may leave this unchanged
key_type = rsa  # You may leave this unchanged
## You must change everything below this line 
authenticator = dns-cloudflare
dns_cloudflare_propagation_seconds = 120
dns_cloudflare_credentials = path/to/your/cloudflare/credentials.ini
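
The renewal-file change described in the comment above, written as a script. This is an added example, not code from the commenter or from the certbot or plugin projects; the function names, the constructed sample file and the credentials path are assumptions, and the permission check treats any group or other access as unsafe (an assumption that may be stricter than certbot's own test; `chmod 600` satisfies it).

```python
import os
import re
import stat

# Constructed sample, shaped like the "before" renewal file shown above.
SAMPLE = """\
# Constructed sample, shaped like the renewal file in the comment above
version = 1.26.0
cert = /etc/letsencrypt/live/example.test/cert.pem

[renewalparams]
account = 0123456789abcdef # placeholder
server = https://acme-v02.api.letsencrypt.org/directory
key_type = rsa
authenticator = dns-godaddy
dns_godaddy_propagation_seconds = 120
dns_godaddy_credentials = /etc/godaddy/godaddy.ini
"""

HEADER = re.compile(r"\s*\[+([^\[\]]+)\]+\s*$")
KEY = re.compile(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*(?:#.*)?$")

def _renewalparams(lines):
    """Yield (index, key, value) for each key line directly in [renewalparams]."""
    section = None
    for i, line in enumerate(lines):
        header = HEADER.match(line)
        if header:
            section = header.group(1)  # a nested [[subsection]] ends the match
            continue
        key = KEY.match(line)
        if section == "renewalparams" and key:
            yield i, key.group(1), key.group(2)

def migrate_renewal_conf(text, credentials_path):
    """Switch a renewal conf from dns-godaddy to dns-cloudflare, keeping all other lines."""
    lines = text.splitlines()
    params = list(_renewalparams(lines))
    found = {key: value for _, key, value in params}
    if found.get("authenticator") != "dns-godaddy":
        raise ValueError("renewal conf does not use authenticator = dns-godaddy")
    seconds = found.get("dns_godaddy_propagation_seconds")
    replacement = {}
    for i, key, _ in params:
        if key == "authenticator":
            new = ["authenticator = dns-cloudflare"]
            if seconds:  # carry the old propagation delay over
                new.append(f"dns_cloudflare_propagation_seconds = {seconds}")
            new.append(f"dns_cloudflare_credentials = {credentials_path}")
            replacement[i] = new
        elif key.startswith("dns_godaddy_"):
            replacement[i] = []  # drop GoDaddy-specific options
    out = []
    for i, line in enumerate(lines):
        out.extend(replacement.get(i, [line]))
    return "\n".join(out) + "\n"

def credentials_mode_is_safe(path):
    """True when the credentials file grants nothing to group or other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

if __name__ == "__main__":
    print(migrate_renewal_conf(SAMPLE, "/etc/letsencrypt/cloudflare.ini"))
```

Run it against a copy of the renewal file first, and check the new credentials file with `credentials_mode_is_safe` before the next `certbot renew`.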

@cguerrero1205

cguerrero1205 commented May 14, 2024

Hello, Sam

I have 1 month before my current certificate expires, so I'm looking at options I have for when I have to update it. I was reviewing what you said, transfer only the DNS to Cloudflare, but it is not entirely clear to me how to do it. I checked on the web, but there is not much information about it. Could you please specify from which step I should start to do such a process?

Thank you very much for your comments.

@SamAlhabash

Hi cguerrero1205,

You can follow the instructions here. Note: You only need to follow steps up to step 3. You do not need to follow step 4 if your goal is to just change the DNS provider. Please note also that any DNS rules you have on GoDaddy will be deleted, so it is perhaps good to back them up with a screenshot so you can apply them to your Cloudflare settings once you are done! After you've done this, you can set up the Cloudflare certbot plugin as I described in my comment above. If you run into trouble, comment here and I will try to help you resolve it!

@cguerrero1205

Hello,

Thank you for your help. This weekend I will do the procedures, out of production hours, then I will let you know how it goes.

Again, thank you very much.

@piyushgarg

piyushgarg commented May 27, 2024

To back up GoDaddy DNS records, on the GoDaddy DNS page, change the page size. It will make the following query, which can be saved as a JSON file. Inspect the Network tab of the web developer tools for this.
https://domdns.api.godaddy.com/v1/customers//zones/?pageNumber=1&pageSize=50&type=

@Jim-Battle67

Possibly a silly question... if I migrate to Cloudflare following the above instructions (I will just do DNS for now), does the existing site and certificate continue to function properly up until expiration?

@SamAlhabash

> Possibly a silly question... if I migrate to Cloudflare following the above instructions (I will just do DNS for now), does the existing site and certificate continue to function properly up until expiration?

No such thing as a silly question! :)
Yes, your current certificates will continue to work as they are already issued. As long as the new DNS name matches the old one, you will not have an issue! You can also force renew the certificate by running certbot with the --force-renewal argument.

@cguerrero1205

Hello, Sam.
I did the migration to Cloudflare today, all without major problems, mostly due to lack of knowledge on the subject, but everything could be solved. Thank you very much for your help.
Additionally, I configured Cloudflare to automatically update the certificate, so I don't have to use certbot, or any external application. I only created a certificate for my home server, which lasts 15 years, and Cloudflare automatically updates the client's certificate every 3 months. So, if Cloudflare never fails, I don't have to do anything else for the next 15 years.
This is great!

@piyushgarg

As the GoDaddy limitation is outside the scope of this problem, @romerojunior, move this to a discussion or wiki page. I have also moved to Cloudflare DNS and once the domain is nearing renewal, will permanently move it there.

@gelcaas

gelcaas commented Jun 3, 2024

Same problem; it worked well before. The certificate will expire in a few days. I have been looking for a solution. Fortunately, I saw your comment. Thank you.

@gelcaas

gelcaas commented Jun 4, 2024

It's weird that one of my domains can be renewed but the other can't!
I use acme.sh instead, it works well.
https://github.com/acmesh-official/acme.sh?tab=readme-ov-file

@IsaacWG

IsaacWG commented Jun 4, 2024

I've recently run into this issue with a couple of GoDaddy accounts I manage. I called their support and they told me that they are now only allowing access to the domains API for accounts that have 10+ domains and also pay for "discount domain club", or accounts with 50+ domains.
