Cannot issue on godaddy for *.subdomain.domain about acme.sh HOT 10 CLOSED

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

from acme.sh.

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

I'm on the latest version, and here is the relevant snippet of --debug 2:

acme.sh_cleaned_2.log

from acme.sh.

I encountered the same problem

from acme.sh.

It's not a bug. GoDaddy changed their API so only customers with 10+ domains can use it, speak to their support.

from acme.sh.

It's not a bug. GoDaddy changed their API so only customers with 10+ domains can use it, speak to their support.

I understand this from what I've read, but why is it only like this for subdomain wildcards and not the regular domain?

from acme.sh.

@Tom-CDA my first guess would be cached validation for the domain variation that's working (cached on the CA side, and it will expire), I've not heard of the API working only for the primary domain _acme-challenge record, I guess it's possible but I doubt it.

from acme.sh.

Having similar issues. Weird thing is tho ...when using the Let's Encrypt staging ACME v2 server it's working just fine.

from acme.sh.

@FlexServ the question there would be are you doing any TXT updates at all when it works? Most likely your previous validations against staging are cached by LE. I believe they cache successful validations for 30 days, so it's possible for you to fire off a new order and complete it without needing to complete any domain validations. Until they expire.

from acme.sh.

I got a reply from godaddy:

We have recently updated the account requirements to access parts of our production Domains API. As part of this update, access to these APIs are now limited:
Availability API: Limited to accounts with 50 or more domains
Management and DNS APIs: Limited to accounts with 10 or more domains and/or an active Premium Discount Domain Club plan.
If you are working on the SSL part then it will allow you to add the txt record if you are using ACME. It needs to be _acme-challenge. Our system also no longer allows sub domains to be used with the API.
Please note that this does not affect your access to any of our OTE APIs.

So yes, I don't know if I'm affected by the DNS API thing yet (probably), but most likely the "no longer allows sub domains to be used by".

So I will close this issue because obviously not acme.sh's fault, and time to switch dns hosting. Thanks for the help <3

from acme.sh.

@Tom-CDA that's interesting! It does sounds like they will allow it to update _acme-challenge but not _acme-challenge.www etc, if that's the case you may be able to at least get a wildcard. Unfortunately for me I need the option to list zones via the API, which probably won't work. They really need to update their documentation.

from acme.sh.