We have a longer-than-normal domain, let’s call it ourorg.state.edu.country.
Wildcard cert, *.ourorg.state.edu.country and ourorg.state.edu.country.
GoDaddy DNS API doesn’t like too many “dots”, so I managed to get something going using acme.sh and CNAME Delegations.
I have contacted GoDaddy and they have confirmed that it is a limitation of their API - which is the reason I want to use (and have successfully used) the Delegation option.
Trying to do the same with Certify Certificate Manager, but I see similar errors when trying to use it with CNAME Delegations: the GoDaddy DNS API CAN’T be used to query anything about the primary domain. Always get this failure: Could not get DNS records for zone ourorg.state.edu.country. Result:, and then something like "... does not conform to the 'domain' format, based on pattern..."
I’m assuming that the tool is performing extra validations (using the API), because the Test process does show that the Delegation settings are being taken into consideration. It says something like:
Configuration Test Results
*.ourorg.state.edu.country
Running [ … … … … … … ]
DNS: Creating TXT Record '_acme-challenge-test.delegated.domain' with value … [*.ourorg.state.edu.country] in ZoneId 'ourorg.state.edu.country' using API provider 'GoDaddy DNS API'.
For CNAME Delegation Rule, I’ve set it up as *.ourorg.state.edu.country:*.delegated.domain, and (for testing) removed the non-wildcard domain from the list of domains to play down the possibility of things getting in the way.
Hoping there’s a way we can convince the tool to not do extra checks, else this is a deal breaker for our domain. Unfortunately, our country’s .edu authority mandates that we have a “state” level. Might have to move off GoDaddy.
Thanks
shaak
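The mapping a DNS-01 client has to perform under CNAME delegation, as an added example that is not part of the original post and is not Certify Certificate Manager or acme.sh code. It assumes the `source:target` rule swaps the domain suffix (as the quoted test log line suggests) and that the DNS account hosts only the delegated zone; all function names are hypothetical.

```python
# Added illustration only; not Certify Certificate Manager or acme.sh code.
# Assumption: a "source:target" rule swaps the domain suffix, as the test
# log line quoted in the post suggests. All function names are hypothetical.

def _base(name):
    """Lower-case a name and drop a leading '*.' and trailing dot."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def challenge_name(identifier):
    """DNS-01 record name; a wildcard is validated at its base domain."""
    return "_acme-challenge." + _base(identifier)


def apply_delegation(record, rules):
    """Rewrite a challenge record name with the first matching rule."""
    for rule in rules:
        source, target = (_base(part) for part in rule.split(":", 1))
        if record == source or record.endswith("." + source):
            return record[: len(record) - len(source)] + target
    return record  # no rule matched: the TXT record stays in the primary zone


def zone_for(record, hosted_zones):
    """Longest hosted zone that is a suffix of the record name, else None."""
    hits = [z for z in hosted_zones if record == z or record.endswith("." + z)]
    return max(hits, key=len) if hits else None


def plan_update(identifier, rules, hosted_zones):
    """Where the TXT record goes and which CNAME must already exist."""
    primary = challenge_name(identifier)
    record = apply_delegation(primary, rules)
    return {
        "cname_from": primary if record != primary else None,
        "txt_record": record,
        "zone": zone_for(record, hosted_zones),
    }


# Constructed sample: the rule from the post and a DNS account that hosts
# only the delegated zone.
RULES = ["*.ourorg.state.edu.country:*.delegated.domain"]
ZONES = ["delegated.domain"]

if __name__ == "__main__":
    for name in ("*.ourorg.state.edu.country", "ourorg.state.edu.country"):
        print(name, "->", plan_update(name, RULES, ZONES))
```

With delegation in place, the only zone the DNS API needs to touch is the one that hosts the delegated record; the primary domain only has to carry the CNAME named in `cname_from`.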