Wildcard Letsencrypt certificate and GoDaddy _acme-challenge record

Anatoliy Okhotnikov
2 min read · Feb 24, 2019


  1. Do you really need a wildcard certificate for your domain?
  2. Does your DNS provider have some kind of API to update TXT records for your domain, so you could automate the process of getting a wildcard cert?

In my case it is “Yes” and “GoDaddy — Yes” ;)

If you do something like this to get your wildcard TLS certificate from Let's Encrypt (wildcards are only issued through the ACME v2 endpoint and only via the dns-01 challenge, which is why the command pins both):

certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.tolik.org" --manual --preferred-challenges dns-01 certonly

then certbot stops and asks you to publish a TXT record at _acme-challenge.tolik.org with a value it prints, and you might want some level of automation to make life easier.

There is a good ACME shell script available on GitHub that supports both the Letsencrypt.org CA and the GoDaddy.com API, but here you can find a minimal script that just does the job from the bash shell, run by hand. It is based on the dynamic IP script found in the GoDaddy community forums.

First, go to the GoDaddy developer site (https://developer.godaddy.com/getstarted) to create a developer account and get your API key and secret.

Be aware that there are two kinds of key and secret values, one for the test server and one for the production server. The script below talks to the production API, so get a key and secret for the production server. Treat that pair like a password: it can read and rewrite every DNS record of every domain in the account, not just the _acme-challenge record, so keep the script file readable only by you and keep it out of version control.

Second, put your domain name, key and secret into the following script and run it:

#!/bin/bash

# This script is used to check and update your GoDaddy DNS server
# with the TXT _acme-challenge record
# Special thanks to mfox for his ps script
# https://github.com/markafox/GoDaddy_Powershell_DDNS
# and TheBelcherman
# https://tinyurl.com/yxubdmnu
#
# First go to GoDaddy developer site
# to create a developer account and get your key and secret
# https://developer.godaddy.com/getstarted
# Be aware that there are 2 types of key and secret -
# one for the test server and one for the production server
# Get a key and secret for the production server
#
# Enter values for all variables; the latest API call requires them.
#
# Usage: ./script.sh            # print the current _acme-challenge record
#        ./script.sh <value>    # replace it with the value certbot printed

set -eu

domain="tolik.org" # your domain
type="TXT" # Record type A, CNAME, MX, etc.
name="_acme-challenge" # name of record to update
ttl="600" # Time to Live min value 600
port="1" # Required port, Min value 1
weight="1" # Required weight, Min value 1
key="XXX" # key for godaddy developer API
secret="YYY" # secret for godaddy developer API

# The key:secret pair controls every zone in the account, so it is never
# echoed: anything printed here ends up in terminal scrollback and logs.
headers="Authorization: sso-key $key:$secret"

# Read the current record(s) first; this also confirms the credentials
# and domain are right before anything is changed.
result=$(curl -sS -X GET -H "$headers" \
"https://api.godaddy.com/v1/domains/$domain/records/$type/$name")

echo "$result"

if [ -z "${1:-}" ];
then
echo "Empty input! Pass the _acme-challenge value certbot asked you to publish."
else
echo "Updating $name record with $1"
# PUT replaces the whole record set for this type and name with the array
# below, so any other _acme-challenge TXT record is gone after this call.
curl -sS --fail -X PUT "https://api.godaddy.com/v1/domains/$domain/records/$type/$name" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-H "$headers" \
-d "[ { \"data\": \"$1\", \"name\": \"$name\", \"port\": $port, \"priority\": 0, \"protocol\": \"string\", \"service\": \"string\", \"ttl\": $ttl, \"type\": \"$type\", \"weight\": $weight } ]"
echo
fi

You can run the script without an _acme-challenge value just to print the current record. Two things to keep in mind before you go back to certbot: the PUT replaces every TXT record named _acme-challenge, so if you requested both *.tolik.org and tolik.org in one certbot run and it asks for two values, both have to be sent in the same array in one call; and the record is not necessarily visible to Let's Encrypt the moment the API returns, so check it with dig +short TXT _acme-challenge.tolik.org and wait until the new value shows up before you press Enter in certbot.
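The same idea, generalized to several challenge values at once, as an added example (this is not the post's script and not GoDaddy's code). It builds the record set the PUT endpoint replaces the existing records with, refuses any value that is not base64url before it is interpolated into the JSON body, takes the credentials from the GODADDY_KEY and GODADDY_SECRET environment variables rather than from the file, and polls DNS with dig until the values are served. The environment variable names and the use of dig are assumptions of the example; the SRV-style fields in the body mirror the post's script, which states the API requires them.

```shell
#!/bin/sh
# Added example, not the script from the post: publish one or more
# _acme-challenge TXT values through the GoDaddy v1 API and wait for them.
# Assumptions (not from the post): GODADDY_KEY / GODADDY_SECRET hold the
# production credentials, dig is installed for the propagation check.
set -eu

ACME_NAME="_acme-challenge"
ACME_TTL=600

# ACME dns-01 values are base64url (A-Z a-z 0-9 - _). Anything else is a
# paste error or an attempt to break out of the JSON string, so reject it.
valid_token() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+$'
}

# Print the JSON array for the PUT body. The endpoint replaces every TXT
# record with this name, so pass all values that must exist at once
# (certbot asks for two when you request both *.example.org and example.org).
# The port/priority/protocol/service/weight fields mirror the post's script.
txt_record_set() {
    ttl="$1"; shift
    out="["; sep=""
    for v in "$@"; do
        valid_token "$v" || { echo "refusing non-base64url value: $v" >&2; return 1; }
        out="${out}${sep}{\"data\":\"${v}\",\"name\":\"${ACME_NAME}\",\"port\":1,\"priority\":0,\"protocol\":\"string\",\"service\":\"string\",\"ttl\":${ttl},\"type\":\"TXT\",\"weight\":1}"
        sep=","
    done
    printf '%s]\n' "$out"
}

# Replace the record set. Credentials come from the environment, so they are
# neither in the file nor in shell history, and the header is never printed.
push_txt_records() {
    domain="$1"; shift
    body="$(txt_record_set "$ACME_TTL" "$@")" || return 1
    curl -sS --fail -X PUT \
        "https://api.godaddy.com/v1/domains/${domain}/records/TXT/${ACME_NAME}" \
        -H "Authorization: sso-key ${GODADDY_KEY:?}:${GODADDY_SECRET:?}" \
        -H "Content-Type: application/json" \
        --data "$body"
}

# Poll public DNS until every value is served, so certbot is not told to
# continue before resolvers can see the record. Returns 1 after 30 tries.
wait_for_txt() {
    fqdn="$1"; shift
    i=0
    while [ "$i" -lt 30 ]; do
        seen="$(dig +short TXT "$fqdn" 2>/dev/null | tr -d '"' || true)"
        missing=0
        for v in "$@"; do
            printf '%s\n' "$seen" | grep -qxF -- "$v" || missing=1
        done
        [ "$missing" -eq 0 ] && return 0
        i=$((i + 1))
        sleep 10
    done
    return 1
}

# Typical run after certbot prints its value(s), e.g. for *.tolik.org and tolik.org:
#   push_txt_records tolik.org "$VALUE_FOR_WILDCARD" "$VALUE_FOR_APEX"
#   wait_for_txt _acme-challenge.tolik.org "$VALUE_FOR_WILDCARD" "$VALUE_FOR_APEX" \
#       && echo "record visible, continue in certbot"
```

The validation step matters even though the values come from certbot: the body is built by string interpolation, and a stray quote or backslash would either corrupt the JSON or change what gets stored in the zone, so it is cheaper to refuse anything outside the base64url alphabet than to escape it.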
