certbot

Google DNS

Set up an IAM account with the "DNS Administrator" role.

To follow a least-privilege approach instead, grant only the following permissions:

- dns.changes.create
- dns.changes.get
- dns.managedZones.list
- dns.resourceRecordSets.create
- dns.resourceRecordSets.delete
- dns.resourceRecordSets.list
- dns.resourceRecordSets.update

Then export the user's credentials.json.

Install and run certbot.

pip3 install certbot-dns-google

Create certificates.

certbot certonly \
  --config-dir ./config \
  --work-dir ./work \
  --logs-dir ./logs \
  --agree-tos --email=PUT-WEB-MASTER-MAIL-HERE@PUT-YOUR-DOMAIN-HERE.com \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --dns-google \
  --dns-google-propagation-seconds 120 \
  --dns-google-credentials ./credentials.json \
  -d 'PUT-YOUR-DOMAIN-HERE.com.'
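
The least-privilege IAM setup described above can be scripted with gcloud. This is an added example, not part of the original page; it assumes the account is a dedicated service account, and the role ID `certbotDns01`, the account name `certbot-dns` and the function names are hypothetical.

```bash
# Added example (not from the original page). ROLE_ID, SA_NAME and the
# function names are assumptions chosen for illustration.
ROLE_ID="certbotDns01"
SA_NAME="certbot-dns"

# Write a custom-role definition with only the permissions listed above.
write_role_file() {
  cat > "$1" <<'EOF'
title: Certbot DNS-01
description: Minimum Cloud DNS permissions for certbot-dns-google
stage: GA
includedPermissions:
- dns.changes.create
- dns.changes.get
- dns.managedZones.list
- dns.resourceRecordSets.create
- dns.resourceRecordSets.delete
- dns.resourceRecordSets.list
- dns.resourceRecordSets.update
EOF
}

# Succeed only if the key file exists and group/other have no access.
creds_are_private() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Create the role, the service account, the binding and the key.
# Usage: provision PROJECT_ID
provision() {
  project="$1"
  sa="${SA_NAME}@${project}.iam.gserviceaccount.com"
  rolefile=$(mktemp) && write_role_file "$rolefile" || return 1
  rc=0
  (
    umask 077  # the key file is created owner-only
    gcloud iam roles create "$ROLE_ID" --project="$project" --file="$rolefile" &&
    gcloud iam service-accounts create "$SA_NAME" --project="$project" &&
    gcloud projects add-iam-policy-binding "$project" \
      --member="serviceAccount:${sa}" \
      --role="projects/${project}/roles/${ROLE_ID}" &&
    gcloud iam service-accounts keys create ./credentials.json \
      --iam-account="$sa"
  ) || rc=$?
  rm -f "$rolefile"
  [ "$rc" -eq 0 ] && creds_are_private ./credentials.json
}
```

The resulting ./credentials.json is the file passed to --dns-google-credentials in the certbot command above.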
