{"id":20381521,"url":"https://github.com/snowdrop/godaddy-webhook","last_synced_at":"2026-03-07T22:02:20.453Z","repository":{"id":41999100,"uuid":"226033151","full_name":"snowdrop/godaddy-webhook","owner":"snowdrop","description":"Cert Manager Godaddy Webhook performing ACME challenge using DNS record","archived":false,"fork":false,"pushed_at":"2025-12-03T11:13:58.000Z","size":284,"stargazers_count":89,"open_issues_count":7,"forks_count":70,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-12-06T13:46:16.645Z","etag":null,"topics":["cert-manager","cert-manager-webhook","godaddy","kubernetes","letsencrypt","openshift"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snowdrop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-12-05T06:35:02.000Z","updated_at":"2025-12-03T11:14:01.000Z","dependencies_parsed_at":"2023-09-21T17:52:21.141Z","dependency_job_id":"f455335b-e069-4d1c-adb2-58505b0d6bbf","html_url":"https://github.com/snowdrop/godaddy-webhook","commit_stats":{"total_commits":155,"total_committers":12,"mean_commits":"12.916666666666666","dds":0.1483870967741936,"last_synced_commit":"911bc10c0b8911f8619bb96f3600cf2a5b1c8a28"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/snowdrop/godaddy-webhook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snowdrop%2Fgodaddy-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snowdrop%2Fgodaddy-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snowdrop%2Fgodaddy-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snowdrop%2Fgodaddy-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snowdrop","download_url":"https://codeload.github.com/snowdrop/godaddy-webhook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snowdrop%2Fgodaddy-webhook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30233429,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T19:01:10.287Z","status":"ssl_error","status_checked_at":"2026-03-07T18:59:58.103Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","cert-manager-webhook","godaddy","kubernetes","letsencrypt","openshift"],"created_at":"2024-11-15T02:14:11.024Z","updated_at":"2026-03-07T22:02:20.404Z","avatar_url":"https://github.com/snowdrop.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ACME Webhook for GoDaddy\n\nTable of Contents\n=================\n- [ACME Webhook for GoDaddy](#acme-webhook-for-godaddy)\n- [Table of Contents](#table-of-contents)\n  - [Introduction](#introduction)\n  - [Governance](#governance)\n  - [Platform](#platform)\n  - [Installation](#installation)\n    - [Cert Manager](#cert-manager)\n    - [The Godaddy webhook](#the-godaddy-webhook)\n      - [Helm deployment](#helm-deployment)\n      - [Manual installation](#manual-installation)\n  - [Issuer](#issuer)\n    - [Secret](#secret)\n    - [ClusterIssuer](#clusterissuer)\n  - [Development](#development)\n    - [Running the test suite](#running-the-test-suite)\n      - [Common testing issues](#common-testing-issues)\n    - [Generate the container image](#generate-the-container-image)\n\n## Introduction\n\nThis project maintains the code used by the [certificate manager](https://cert-manager.io/docs/configuration/acme/dns01/) to access the Godaddy [DNS provider](https://www.godaddy.com/) using a Kubernetes webhook\nwhich needs to be deployed on your kubernetes cluster. When called, the webhook will execute an ACME DNS challenge request to the DNS provider\nto verify if the provider hosts the domain you are requesting a certificate.\n\nThis project supports the following versions of the certificate manager:\n\n| Certificate Manager | Godaddy webhook    |\n|--------------------|--------------------|\n| [1.6 - 1.12]       | v0.1.0             | \n| [\u003e 1.13]           | [v0.2.0 .. v0.5.0] |\n\n**Remark**: The Helm chart `AppVersion` like the image `version` are tagged according to the version used to release this project: v0.1.0, v0.2.0, etc. When using the main branch, the Helm chart will install the latest image pushed on [quay.io](https://quay.io/repository/snowdrop/cert-manager-webhook-godaddy)\n\n## Governance\n\nBefore to open a ticket, please review the [Cert Manager documentation](https://cert-manager.io/docs) explaining the different concepts you will have to deal with such: Issuer, Certificate, Challenge, Order, etc\n\nThe troubleshooting section of the documentation is also a good place to start to understand how to debug the different issues you could face: https://cert-manager.io/docs/troubleshooting/acme/.\n\n## Platform\n\nThe image built supports as Arch: am64 and arm64 since release `\u003e= 0.2.0`\n\n## Installation\n\n### Cert Manager\n\nFollow the [instructions](https://cert-manager.io/docs/installation/) using the cert manager documentation to install it within your cluster.\nOn kubernetes (\u003e= 1.21), the process is pretty straightforward if you use the following commands:\n```bash\nkubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.13.0/cert-manager.yaml\n```\n**NOTES**: Check the cert-manager releases note to verify which [version of certmanager](https://cert-manager.io/docs/installation/supported-releases/) is supported with Kubernetes or OpenShift\n\n### The Godaddy webhook\n\n#### Helm deployment\n\nWhen the cert-manager has been installed, deploy the helm chart on your machine using this command:\n```bash\nexport DOMAIN=acme.mydomain.com  # replace with your domain\nhelm install -n cert-manager godaddy-webhook ./deploy/charts/godaddy-webhook --set groupName=$DOMAIN\n```\n\nThe `groupName` refers to a prior nonexistant Kubernetes API Group, under which custom resources are created.\nThe name itself has no connection to the domain names for which certificates are issued, and using the default of\n`acme.mycompany.com` is fine.\n\n**NOTE**: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.\n\n- To change one of the values, create a `my-values.yml` file or set the value(s) using helm's `--set` argument:\n```bash\nhelm install -n cert-manager godaddy-webhook -f my-values.yml ./deploy/charts/godaddy-webhook\n\nor\n\nhelm install -n cert-manager godaddy-webhook --set pod.securePort=8443 ./deploy/charts/godaddy-webhook\n```\n\nYou can also use the Helm chart published on gh-pages\n```bash\nexport DOMAIN=acme.mydomain.com  # replace with your domain\nhelm repo add godaddy-webhook https://snowdrop.github.io/godaddy-webhook\nhelm install acme-webhook godaddy-webhook/godaddy-webhook -n cert-manager --set groupName=$DOMAIN\n```\n\nTo uninstall the webhook:\n```bash\nhelm uninstall acme-webhook -n cert-manager\n```\n\n#### Manual installation\n\nAlternatively, you can install the webhook using the kubernetes YAML resources. The namespace\n  where the resources should be installed is: `cert-manager`\n```bash\nexport DOMAIN=acme.mydomain.com  # replace with your domain\nsed \"s/acme.mycompany.com/$DOMAIN/g\" deploy/webhook-all.yml | kubectl apply --validate=false -f -\n```\n\n## Issuer\n\nIn order to communicate with Godaddy DNS provider, we will create a Kubernetes Secret\nto store the Godaddy `API` and `GoDaddy Secret`. \nNext, we will define a `ClusterIssuer` containing the information to access the ACME Letsencrypt Server\nand the DNS provider to be used\n\n### Secret\n\n- Create a `Secret` containing as key parameter the concatenation of the Godaddy Api and Secret separated by \":\"\n```yaml\ncat \u003c\u003cEOF \u003e secret.yml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: godaddy-api-key\ntype: Opaque\nstringData:\n  token: \u003cGODADDY_API_KEY:GODADDY_SECRET_KEY\u003e\nEOF\n```\n- Next, deploy it under the namespace where you would like to get your certificate/key signed by the ACME CA Authority (e.g. cert-manager)\n```bash\nkubectl apply -f secret.yml -n \u003cNAMESPACE\u003e\n```\n\n### ClusterIssuer\n\n- Create a `ClusterIssuer` resource to specify the address of the ACME staging or production server to access.\n  Add the DNS01 Solver Config that this webhook will use to communicate with the API of the Godaddy Server in order to create\n   or delete an ACME Challenge TXT record that the DNS Provider will accept/refuse if the domain name exists.\n\n```yaml\ncat \u003c\u003cEOF \u003e clusterissuer.yml \napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-prod\nspec:\n  acme:\n    # ACME Server\n    # prod : https://acme-v02.api.letsencrypt.org/directory\n    # staging : https://acme-staging-v02.api.letsencrypt.org/directory\n    server: \u003cURL_ACME_SERVER\u003e \n    # ACME Email address\n    email: \u003cACME_EMAIL\u003e\n    privateKeySecretRef:\n      name: letsencrypt-\u003cENV\u003e # staging or production\n    solvers:\n    - selector:\n        dnsZones:\n        - 'example.com'\n      dns01:\n        webhook:\n          config:\n            apiKeySecretRef:\n              name: godaddy-api-key\n              key: token\n            production: true\n            ttl: 600\n          groupName: acme.mycompany.com\n          solverName: godaddy\nEOF\n```\n- Next, install it on your kubernetes cluster\n```bash\nkubectl apply -f clusterissuer.yml\n```\n- Next, create for each of your domain where you need a signed certificate from the Letsencrypt authority the following certificate\n\n```yaml\ncat \u003c\u003cEOF \u003e certificate.yml\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: wildcard-example-com\nspec:\n  secretName: wildcard-example-com-tls\n  renewBefore: 240h\n  dnsNames:\n  - '*.example.com'\n  issuerRef:\n    name: letsencrypt-prod\n    kind: ClusterIssuer\nEOF\n```\n\n- Deploy it\n```bash\nkubectl apply -f certificate.yml -n \u003cNAMESPACE\u003e\n```\n\n- If you have deployed a NGinx Ingress Controller on Kubernetes in order to route the trafic to your service\n  and to manage the TLS termination, then deploy the following ingress resource where \n\n```yaml\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n  name: example-ingress\n  annotations:\n    kubernetes.io/ingress.class: \"nginx\"\nspec:\n  tls:\n  - hosts:\n    - '*.example.com'\n    secretName: wildcard-example-com-tls\n  rules:\n  - host: demo.example.com\n    http:\n      paths:\n      - path: /\n        backend:\n          serviceName: backend-service\n          servicePort: 80\n```\n\n- Deploy it\n```bash\nkubectl apply -f ingress.yml -n \u003cNAMESPACE\u003e\n```\n\n**NOTE**: If you prefer to delegate to the certmanager the responsibility to create the Certificate resource, then add the following annotation as described within the documentation `    certmanager.k8s.io/cluster-issuer: \"letsencrypt-prod\"`\n\n## Development\n\n### Running the test suite\n\n**IMPORTANT**: Use the testsuite carefully and do not launch it too much times as the DNS servers could fail and report such a message `suite.go:62: error waiting for record to be deleted: unexpected error from DNS server: SERVFAIL`\n\nTo test one of your registered domains on godaddy, create a secret.yml file using as [example] file(./testdata/godaddy/godaddy.secret.example)\nReplace the `$GODADDY_TOKEN` with your Godaddy API token which corresponds to your `\u003cGODADDY_API_KEY\u003e:\u003cGODADDY_SECRET_KEY\u003e`:\n\n```bash\npushd testdata/godaddy\nexport GODADDY_TOKEN=$(echo -n \"\u003cGODADDY_API_KEY:GODADDY_SECRET_KEY\u003e\")\nenvsubst \u003c godaddy.secret.example \u003e secret.yaml\npopd\n```\n\nInstall a kube-apiserver, etcd locally using the following bash script\n\n```bash\n./scripts/fetch-test-binaries.sh\n```\n\nNow, execute the test suite and pass as parameter the domain name to be tested\n\n```bash\nTEST_ASSET_ETCD=_out/kubebuilder/bin/etcd \\\nTEST_ASSET_KUBECTL=_out/kubebuilder/bin/kubectl \\\nTEST_ASSET_KUBE_APISERVER=_out/kubebuilder/bin/kube-apiserver \\\nTEST_ZONE_NAME=\u003cYOUR_DOMAIN.NAME\u003e. go test -v .\n```\n\nor the following `make` command\n```bash\nmake test TEST_ZONE_NAME=\u003cYOUR_DOMAIN.NAME\u003e\n```\n#### Common testing issues\n\n- As godaddy server could be very slow to reply, it could be needed to increase the TTL defined within the `config.json` file. \n  - If increasing the TTL does not solve the issue, you can also try overriding the DNS server used for testing by setting the `TEST_DNS_SERVER` environment variable to match one of the name servers used by your domain. Ex `TEST_DNS_SERVER=\"pdns01.domaincontrol.com:53\"`\n- The test could also fail as the kube api server is currently finalizing the deletion of the namespace `\"spec\":{\"finalizers\":[\"kubernetes\"]},\"status\":{\"phase\":\"Terminating\"}}`\n\n### Generate the container image\n\n- Verify first that you have access to a docker server running on your kubernetes or openshift cluster ;-)\n- Compile the project locally (to check if no go error are reported)\n```bash\nmake compile\n```\n- Next, build the container image using the Dockerfile included within this project\n```bash\nIMAGE_REPOSITORY=\"quay.io/snowdrop\"\ndocker build -t ${IMAGE_REPOSITORY}/cert-manager-webhook-godaddy .\n```\n**NOTE**: Change the `IMAGE_REPOSITORY` to point to your container repository where you have access\n\nYou can also use the `Makefile` to build/push the container image and pass as parameters the `IMAGE_NAME` and `IMAGE_TAG`. Without `IMAGE_TAG` defined,\ndocker will tag/push as `latest`\n\n```bash\nIMAGE_REPOSITORY=\"quay.io/snowdrop\"\nmake build IMAGE_NAME=${IMAGE_REPOSITORY}\nmake push\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnowdrop%2Fgodaddy-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnowdrop%2Fgodaddy-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnowdrop%2Fgodaddy-webhook/lists"}