Config has been working since 2020 with NO issues. Now seeing the titled error in log when attempting to renew or test certificates. Problem started at same time on 2 seperate servers in 2 different locations. DNS for both with GoDaddy. All DNS records with GoDaddy look good. GoDaddy Support claims it’s not their problem. GoDaddy says they are never seeing the request to create TXT challenge records. Any thoughts on how to proceed. Certs expire in 30 days.
Hi, a year or so ago we did make changes to the GoDaddy provider to firm up how root domain matching was done as it was possible for auto zone matching (where no zoneid was provided) to match the wrong zone.
In the Authorization tab, with GoDaddy selected as the DNS api, check that the Zone Id is set. If not, select the correct zone from the selection list (click … then select from the list), then save and run Request Certificate again. Often the zoneid is pretty much just the primary domain name but this varies by provider and is sometimes an ID.
Actually, testing this now something in the GoDaddy API has changed and Iist operations are being denied by the API. Investigating now.
Still waiting to hear from GoDaddy support but I have heard ancedotaly on another forum that GoDaddy have changed their API requirements:
- Availability API: Limited to accounts with 50 or more domains
- Management and DNS APIs: Limited to accounts with 10 or more domains and/or an active Discount Domain Club plan.
If that’s the case then you may need to move your domain DNS hosting to another provider such as Cloudflare, or delegation challenges to another domain on a different API enabled DNS host, or use our (paid) Certify DNS service for CNAME based DNS challenge delegation DNS Validation (dns-01) | Certify The Web Docs
Thank you webprofusion for all the investigation on this issue! Nothing has changed on my end with the DNS api (set to GoDaddy) or the Zone ID assignment (correctly set for my domain)
I am very interested in confirmng if GoDaddy has in fact changed their policy and practice to limit Management and DNS APIs to accounts with 10 or more.
In the meantime I will begin exploring other DNS Hosting alternatives such as Cloudflare.
GoDaddy manages my domain (for a fee) so I find it odd that they would throw up a minimum limit and no longer provide my DNS Management
Thanks, we have had the following confirmation from GoDaddy and I have asked them to update their developer API documentation (which they haven’t done yet as far as I can see):
We have recently updated the account requirements to access parts of our production Domains API. As part of this update, access to these APIs are now limited:
Availability API: Limited to accounts with 50 or more domains Management and DNS APIs: Limited to accounts with 10 or more domains and/or an active Discount Domain Club plan.If you have lost access to these APIs, but feel you meet these requirements, please reply back with your account number and we will review your account and whitelist you if we have denied you access in error.
Please note that this does not affect your access to any of our OTE APIs.
If you have any further questions or need assistance with other API questions, please reach out.
Note that OTE in the above means Operational Testing Environment or similar and it’s just their test API.
It’s still very much worth contact their support directly and asking for your account ID to be whitelisted for API access. The more noise they have on this issue the more likely they are to change it, when I asked on twitter their support hadn’t heard of anything, but they will!