Problem with Domain Setup
-
Hi, I am trying to set up a Cloudron service but got a problem when using Google Cloud DNS.
I have a Google domain and I think I have connected it to Google Cloud DNS (manage zone to add DNS?). I am new to this stuff, just started to host a domain. So when I am in the Cloudron Domain Setup menu and trying to get to the next step (have added a service account through a service account key)
I just get Access denied: Forbidden.
I think I have the wrong permissions on the service account but don't know which access to give it (if that is the problem, idk). I have tried to give it cloud service access and some more but still the same.
Or should I change DNS provider from Google? (New to this, so if there is any better/easier way or best practice I can go with that.)
-
Ah, Google Cloud is quite a beast. Some things to remember:
- Google Domains is a totally different product. And AFAICT, it has no API or automation. But this is the place where people buy domains.
- You have to switch nameservers to Google Cloud DNS to make it automatable. Looks like you did this already?
- Next you have to create a service key. Remember you still have to give that key roles - https://cloud.google.com/iam/docs/keys-create-delete#required-permissions . So, that account needs permission to access this domain. Make it a domain admin or even full cloud admin temporarily before making the permission more fine grained.
-
I had a similar problem recently. Here's what I had to do in order to be able to programmatically update DNS records for a domain in Google Cloud DNS:
- Verify domain ownership: https://cloud.google.com/endpoints/docs/openapi/verify-domain-name. I did this by inputting a special DNS TXT record into DNS for the domain.
- In my case, I was using a Google Cloud Service Account with Terraform (not Cloudron) to modify DNS records in Google Cloud DNS, so in addition to verifying domain ownership, I had to actually add the Service Account I created as a verified owner of the domain as well.
After doing these two things, I was able to programmatically update DNS records for the domain using the Service Account.
So, assuming you've created a Service Account at Google, given it the "DNS Administrator" role, and added the Service Account email as a verified owner of the domain, you should be good to go. I just tested it with my Cloudron and it all worked. I'm attaching a screenshot of the Google domain verification screen showing where I added the Service Account as a domain owner. Hope this helps.
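Added example, not part of any post in this thread and not Cloudron's code: a check of a project's IAM policy that shows whether a service account holds the "DNS Administrator" role (`roles/dns.admin`) and whether a temporary broad role is still attached. The policy JSON, project name and service account emails are constructed; it covers project-level IAM only, not the domain ownership verification described above.

```python
import json

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/dns.admin",
     "members": ["serviceAccount:cloudron-dns@example-project.iam.gserviceaccount.com",
                 "serviceAccount:temp-admin@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:temp-admin@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

DNS_ROLE = "roles/dns.admin"                   # shown as "DNS Administrator"
BROAD_ROLES = {"roles/owner", "roles/editor"}  # project-wide basic roles


def audit_service_account(policy, sa_email):
    """Report the project roles a service account holds and how they fit DNS automation."""
    member = f"serviceAccount:{sa_email}"
    roles = sorted(
        b["role"] for b in policy.get("bindings", [])
        if member in b.get("members", [])
    )
    over_broad = [r for r in roles if r in BROAD_ROLES]
    if not roles:
        verdict = "no project roles: expect Forbidden from the DNS API"
    elif over_broad:
        verdict = "broader than needed: replace " + ", ".join(over_broad) + " with " + DNS_ROLE
    elif DNS_ROLE in roles:
        verdict = "ok: DNS Administrator only"
    else:
        verdict = "has roles, but not " + DNS_ROLE
    return {"roles": roles, "has_dns_admin": DNS_ROLE in roles,
            "over_broad": over_broad, "verdict": verdict}


if __name__ == "__main__":
    for name in ("cloudron-dns", "temp-admin", "no-role"):
        email = f"{name}@example-project.iam.gserviceaccount.com"
        print(email, "->", audit_service_account(SAMPLE_POLICY, email)["verdict"])
```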