See also:

Go to and create new wildcard record for *.whatever.

Clone the certbot repo and install the package (I'm using Docker).

$ git clone
$ cd certbot
$ docker run -v `pwd`:/certbot -it python bash
# cd /certbot
# python install

Since Google Domains doesn't have an API, need to use the manual feature:

$ certbot certonly --manual -d * --agree-tos --no-bootstrap --server
Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

Now, go to Google domains and add a TXT record for *.whatever using the above value:

Login to Google Domains page.
Click DNS tab.
Scroll down to Custom resource records.
Name: *.whatever
Type:  TXT
TTL: 1h
Data: Value from above

Wait until the name resolves:

$ nslookup -type=TXT

Non-authoritative answer:	text = "XXuXXmIvjuvCNa-cXXoX4Xy0c2VDkbQrNnp3V4qrnXo"

In the certbot window, Press Enter to Continue.  This will create the certificate in /etc/letsencrypt/live/domain.  

cp -r /etc/letsencrypy/archive/domain .

Exit the container

cd domain
kubectl create secret generic ndslabs-tls-secret --from-file=tls.crt=fullchain1.pem --from-file=tls.key=privkey1.pem --namespace=default

A few things to note: 

  • No labels