Go to https://domains.google.com and create a new wildcard record for *.whatever.
Clone the certbot repo and install the package (I'm using Docker).
Since Google Domains doesn't have an API, you need to use certbot's manual feature:
Now, go to Google Domains and add a TXT record for *.whatever using the above value:
Wait until the name resolves:
In the certbot window, press Enter to continue. This will create the certificate in /etc/letsencrypt/live/domain.
Exit the container
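
One way to script the "wait until the name resolves" step before pressing Enter, as an added example that is not from the original page. It assumes `dig` is installed; `example.com`, the function names and the script name are placeholders, and the certbot flags in the comment are certbot's standard manual DNS-01 options, not necessarily the exact command used here.

```shell
#!/bin/sh
# Added example (not from the original page). example.com and the function
# names are placeholders/assumptions. Requires dig.
#
# Manual DNS-01 request for a wildcard name (run in the certbot container):
#   certbot certonly --manual --preferred-challenges dns -d '*.example.com'

# DNS-01 for "*.example.com" is validated at _acme-challenge.example.com.
challenge_name() {
    cn_domain="${1#\*.}"                            # drop a leading "*."
    printf '_acme-challenge.%s\n' "${cn_domain%.}"  # drop a trailing dot
}

# Succeeds only if one TXT answer equals the expected value exactly.
# $3 (optional) is a nameserver to query, e.g. the zone's authoritative
# server, so a caching resolver's stale answer is not mistaken for success.
txt_has_value() {
    th_answers="$(dig +short TXT "$1" ${3:+@"$3"})" || return 1
    # dig prints TXT strings in double quotes; strip them before comparing.
    printf '%s\n' "$th_answers" | tr -d '"' | grep -Fxq -- "$2"
}

# Poll until the record is visible.
# Args: domain, expected value, tries, delay in seconds, optional nameserver.
wait_for_challenge() {
    wf_name="$(challenge_name "$1")"
    wf_tries="${3:-30}"
    wf_delay="${4:-10}"
    wf_i=1
    while [ "$wf_i" -le "$wf_tries" ]; do
        if txt_has_value "$wf_name" "$2" "${5:-}"; then
            echo "ok: $wf_name has the expected value (attempt $wf_i)"
            return 0
        fi
        sleep "$wf_delay"
        wf_i=$((wf_i + 1))
    done
    echo "timeout: $wf_name never returned the expected value" >&2
    return 1
}

# Usage: sh wait-txt.sh '*.example.com' '<value shown by certbot>'
if [ "$#" -ge 2 ]; then
    wait_for_challenge "$@"
fi
```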
A few things to note:
- Certificates are only valid for 90 days (https://community.letsencrypt.org/t/lets-encrypt-in-numbers-limits-restrictions-features/37113)
- Certbot can be used to automate certificate renewal
- cert-manager – successor to kube-lego – added support with https://github.com/jetstack/cert-manager/pull/309
  - Merged 2 days ago!
- In theory, we could use cert-manager to generate and maintain wildcard certs via Let's Encrypt