TechQA.

Google Cloud DNS with Certbot (Wildcard) Giving Permission Issues

280 views Asked by At

I am trying to issue certificates including a wildcard using Certbot. The instructions for google-dns are clear, but I am stuck on the permissions and getting the following permission issue.

Encountered 403 Forbidden with reason "insufficientPermissions"
Encountered 403 Forbidden with reason "insufficientPermissions"
Error finding zone. Skipping cleanup.
Encountered error finding managed zone: <HttpError 403 when requesting https://dns.googleapis.com/dns/v1/projects/example/managedZones?dnsName=example.com.&alt=json returned "Request had insufficient authentication scopes.". Details: "[{'message': 'Insufficient Permission', 'domain': 'global', 'reason': 'insufficientPermissions'}]">

I've added DNS Admin role to my DNS Zone Permissions and DNS Reader role to my Project IAM Permissions under the principle of my main email for the account. What is going on?

google-cloud-platform certbot google-cloud-dns certbot-dns-plugin
Original Q&A
1

There are 1 answers

3
John Hanley On BEST ANSWER

Most likely you are not using the credentials that you think you are.

By default, the plugin will use ADC (Application Default Credentials) that are set up by the CLI gcloud. You might not have set up those credentials with the correct account.

Run the command gcloud auth application-default login and try again.

Your other option is to use the plugin command flag --dns-google-credentials to specify the service account JSON key file.

Related Questions in GOOGLE-CLOUD-PLATFORM

Related Questions in CERTBOT

Related Questions in GOOGLE-CLOUD-DNS

Related Questions in CERTBOT-DNS-PLUGIN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions