Sub domain wildcard certs fail to be generated because of the GoDaddy API check

[mnejmantowicz]

Discussed in #75

^{Originally posted by mnejmantowicz March 28, 2024}
Hello all. When requesting a sub domain wildcard cert such as *.lab.work.com the verification performed by the API produces an error:

Error determining zone identifier for lab.work.com: 404 Client Error: Not Found for url: https://api.godaddy.com/v1/domains/lab.work.com

The only way that I know of that GoDaddy DNS supports sub domains is the add a TXT record like so:

TXT _acme-challenge.lab in the work.com root domain.

Is there a way I can bypass this check?

[wolviex]

I've come across an issue with subdomain delegation, that may be the same thing you're facing here.

I believe this was introduced in the dns_common_lexicon plugin in certbot/pull/9821 back in November of '23. Maybe this needs to be accounted for?

HERE BE DRAGONS
I haven't had a chance to dig in yet, but the workaround for me was to remove/comment out the line:
204: 'delegated': domain, in
/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common_lexicon.py
This is a pain in the ass, and I never recommend changing site-package files.

[p51d78th]

I ran into this yesterday trying to get a certificate for a single subdomain and was able to at least temporarily fix it by modifying the library as well. It running in the docker image made it troublesome but doable.

I did try changing the command to get the certificate for both the top level domain and add the subdomain as an alternative but that causes the same issue.