Can't renew SSL certificate

YsarKain

Jun 27, 2024
I've been using the GoDaddy DNS plugin and it's been working fine for some time. But now I get an error in the console:

Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/129865526/282156040087

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/369475186577'
The validation for <host.domain> is pending!
[Thu Jun 27 12:33:35 PDT 2024] Adding record
[Thu Jun 27 12:33:36 PDT 2024] TXT record 'REDACTED' for '_acme-challenge.<host.domain>', value wasn't set!
[Thu Jun 27 12:33:36 PDT 2024] Error add txt for domain:_acme-challenge.<host.domain>
TASK ERROR: command 'setpriv --reuid nobody --regid nogroup --clear-groups --reset-env -- /bin/bash /usr/share/proxmox-acme/proxmox-acme setup gd <host.domain>' failed: exit code 1

I see this in the syslog:
Jun 27 12:33:33 <host> pvedaemon[1563130]: <root@pam> starting task UPID:<host>:0018FDE0:02995873:667DBE8D:acmenewcert::root@pam:
Jun 27 12:33:36 <host> pvedaemon[1637856]: command 'setpriv --reuid nobody --regid nogroup --clear-groups --reset-env -- /bin/bash /usr/share/proxmox-acme/proxmox-acme setup gd <host.domain>' failed: exit code 1
Jun 27 12:33:36 <host> pvedaemon[1563130]: <root@pam> end task UPID:<host>:0018FDE0:02995873:667DBE8D:acmenewcert::root@pam: command 'setpriv --reuid nobody --regid nogroup --clear-groups --reset-env -- /bin/bash /usr/share/proxmox-acme/proxmox-acme setup gd <host.domain>' failed: exit code 1

I seem to recall having a similar problem with Nginx Proxy Manager when the certbot script was out of date. Is there some similar script to update for this?
 
It is because GoDaddy no longer allows the API to update DNS records. You need at least 50 domains with them before you can use the API again. Either host your own DNS server or move to Cloudflare.

I don't think that is true. I am able to get a wildcard certificate from my OPNsense firewall with the API. From what I can see, the script creates a record for _acme-challenge.domain.com rather than _acme-challenge.host.domain.com at GoDaddy. I have a whole 2 domains with GoDaddy.

EDIT: Found other posts indicating it's 10 domains, but oddly the wildcard cert works with 2 domains.
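
An added example, not part of the thread and not taken from the Proxmox or acme.sh code: under RFC 8555 (section 8.4) a wildcard identifier and a host identifier validate at different _acme-challenge names, so a DNS-01 client writes a different TXT record for each. The sketch derives the record name, its relative form inside a zone, and the expected TXT value; the zone domain.example, the token and the thumbprint are constructed placeholders.

```python
import base64
import hashlib


def challenge_fqdn(identifier: str) -> str:
    """DNS-01 validation name for a certificate identifier (RFC 8555 s8.4)."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        # A wildcard is validated at the base name: the "*." label is dropped.
        name = name[2:]
    return "_acme-challenge." + name


def relative_name(fqdn: str, zone: str) -> str:
    """Record name relative to `zone`, the form most DNS provider APIs take."""
    fqdn = fqdn.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        # Writing here would create the record in the wrong zone.
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -(len(zone) + 1)]


def txt_value(token: str, account_thumbprint: str) -> str:
    """TXT content: base64url(SHA-256(token "." thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    zone = "domain.example"              # constructed zone name
    token = "constructed-token"          # placeholder, not a real ACME token
    thumbprint = "constructed-thumb"     # placeholder account key thumbprint
    for ident in ("*.domain.example", "host.domain.example"):
        fqdn = challenge_fqdn(ident)
        print(f"{ident:24} -> {fqdn}")
        print(f"{'':24}    record name in zone: {relative_name(fqdn, zone)}")
        print(f"{'':24}    expected TXT value:  {txt_value(token, thumbprint)}")
```

Comparing the printed name and value with what the authoritative name servers return for that TXT record shows whether the record was written where the CA will look.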
 