miigotu / certbot-dns-godaddy

A godaddy dns plugin using lexicon for certbot to authenticate and retrieve letsencrypt certificates

Sub domain wildcard certs fail to be generated because of the GoDaddy API check #76

Open mnejmantowicz opened 4 months ago

mnejmantowicz commented 4 months ago

Discussed in https://github.com/miigotu/certbot-dns-godaddy/discussions/75

Originally posted by **mnejmantowicz** March 28, 2024

Hello all. When requesting a sub domain wildcard cert such as `*.lab.work.com`, the verification performed by the API produces an error:

Error determining zone identifier for `lab.work.com`: 404 Client Error: Not Found for url: `https://api.godaddy.com/v1/domains/lab.work.com`

The only way that I know of that GoDaddy DNS supports sub domains is to add a TXT record like so: TXT `_acme-challenge.lab` in the work.com root domain. Is there a way I can bypass this check?

wolviex commented 3 months ago

I've come across an issue with subdomain delegation that may be the same thing you're facing here.

I believe this was introduced in the dns_common_lexicon plugin in certbot/pull/9821 back in November of '23. Maybe this needs to be accounted for?

HERE BE DRAGONS

I haven't had a chance to dig in yet, but the workaround for me was to remove/comment out the line:

204: `'delegated': domain,`

in `/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common_lexicon.py`

This is a pain in the ass, and I never recommend changing site-package files.

p51d78th commented 3 months ago

I ran into this yesterday trying to get a certificate for a single subdomain and was able to at least temporarily fix it by modifying the library as well. It running in the docker image made it troublesome but doable.

I did try changing the command to get the certificate for both the top level domain and add the subdomain as an alternative but that causes the same issue.
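
The error in this thread comes from asking the provider for `lab.work.com` as a zone, while the TXT record belongs in the `work.com` zone as `_acme-challenge.lab`. The following is an added example, not code from certbot, lexicon or this plugin: it walks the candidate zones from most to least specific and returns the hosted zone plus the relative record name. `HOSTED_ZONES` and all function names are assumptions made for illustration.

```python
"""Map a certificate name to the hosted zone and relative TXT record for DNS-01."""

PREFIX = "_acme-challenge."

# Constructed sample: the zones the DNS provider account actually hosts.
HOSTED_ZONES = {"work.com"}


def challenge_fqdn(cert_name):
    """Return the DNS-01 validation name for a certificate name.

    A wildcard such as *.lab.work.com is validated at the same name as
    lab.work.com, i.e. _acme-challenge.lab.work.com.
    """
    name = cert_name.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    if not name:
        raise ValueError("empty certificate name")
    return PREFIX + name


def zone_candidates(domain):
    """List possible zones, most specific first: lab.work.com, work.com, com."""
    labels = domain.strip().rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def locate_txt_record(cert_name, hosted_zones=HOSTED_ZONES):
    """Return (zone, relative_record_name) for the first candidate zone hosted."""
    fqdn = challenge_fqdn(cert_name)
    for zone in zone_candidates(fqdn[len(PREFIX):]):
        if zone in hosted_zones:
            # Strip ".<zone>" so the name is relative to the zone apex.
            return zone, fqdn[: -len(zone) - 1]
    raise LookupError(f"no hosted zone found for {cert_name!r}")


if __name__ == "__main__":
    for requested in ("*.lab.work.com", "lab.work.com", "work.com"):
        zone, record = locate_txt_record(requested)
        print(f"{requested}: TXT {record} in zone {zone}")
```

A lookup that stops at the first candidate (`lab.work.com`) fails exactly as in the report, because only `work.com` exists as a zone at the provider.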